Description
Missing Authorization vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fraud Prevention For Woocommerce: from n/a through <= 2.3.3.
Published: 2026-03-19
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized content deletion
Action: Immediate Patch
AI Analysis

Impact

A missing authorization flaw (CWE‑862) in the Dotstore Fraud Prevention For Woocommerce plugin allows an attacker to delete any content, including posts, pages, or orders, because the access‑control checks fail to verify proper permissions before deletion is processed. The flaw arises from incorrectly configured security levels that do not enforce role‑based restrictions on delete operations, thereby compromising the integrity of the site’s data.

Affected Systems

WordPress sites that have installed the Dotstore Fraud Prevention For Woocommerce plugin—also known as woo‑blocker‑lite‑prevent‑fake‑orders‑and‑blacklist‑fraud‑customers—in any released version up through 2.3.3 are affected. Sites running a newer version are not vulnerable.

Risk and Exploitability

The EPSS score is below 1%, and the vulnerability is not listed in the CISA KEV catalog, indicating a low probability of exploitation. The likely attack vector is an authenticated user who gains privileged access to the plugin’s back‑end, either through credential compromise or by exploiting other authentication weaknesses. Once authenticated, the attacker can invoke the deletion endpoint and remove arbitrary content, leading to loss of data and potential service disruption. The impact covers integrity and availability, and the overall risk warrants prompt remediation.

Generated by OpenCVE AI on April 2, 2026 at 05:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Fraud Prevention For Woocommerce plugin to any version newer than 2.3.3.
  • If an upgrade is not immediately possible, restrict plugin administration to trusted user roles and consider disabling the plugin for accounts that do not require its functionality.
  • Enable WordPress audit logging to track delete operations and perform regular backups so deleted data can be restored.



Advisories

No advisories yet.

History

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Dotstore Fraud Prevention For Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fraud Prevention For Woocommerce: from n/a through 2.3.3. Missing Authorization vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fraud Prevention For Woocommerce: from n/a through <= 2.3.3.
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Fri, 20 Mar 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Dotstore
Dotstore fraud Prevention For Woocommerce
Wordpress
Wordpress wordpress
Vendors & Products Dotstore
Dotstore fraud Prevention For Woocommerce
Wordpress
Wordpress wordpress

Thu, 19 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 19 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Dotstore Fraud Prevention For Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fraud Prevention For Woocommerce: from n/a through 2.3.3.
Title WordPress Fraud Prevention For Woocommerce plugin <= 2.3.3 - Arbitrary Content Deletion vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T16:00:42.646Z

Reserved: 2026-02-02T12:53:40.964Z

Link: CVE-2026-25443

Vulnrichment

Updated: 2026-03-19T13:56:51.306Z

NVD

Status: Awaiting Analysis

Published: 2026-03-19T09:16:17.453

Modified: 2026-04-01T17:28:35.900

Link: CVE-2026-25443

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T07:59:51Z
