Description
Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live sales notification for WooCommerce: from n/a through <= 2.3.60.
Published: 2026-02-19
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized access to notification data
Action: Patch
AI Analysis

Impact

The vulnerability is a missing authorization issue in PI Web Solution Live sales notification for WooCommerce. It allows actors to bypass the plugin’s configured access control security levels and retrieve sale notifications. This can result in unauthorized disclosure of notification data stored by the plugin.

Affected Systems

WordPress sites that install PI Web Solution Live sales notification for WooCommerce in any version up to and including 2.3.60 are vulnerable. The vulnerability affects all releases of the plugin from the earliest mentioned build through 2.3.60.

Risk and Exploitability

Based on the CVSS base score of 5.3, the vulnerability represents a moderate risk. The EPSS score is less than 1 %, indicating a low probability of exploitation, and it is not listed in CISA’s KEV catalog. The likely attack vector is via the WordPress administrative interface or through an authenticated user with insufficient role restrictions, allowing read access to sale notification data that should otherwise be protected.

Generated by OpenCVE AI on April 29, 2026 at 02:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Live sales notification for WooCommerce plugin to a version newer than 2.3.60.
  • Restrict direct access to the WordPress administrative pages that expose sale notifications, limiting them to users with appropriate roles.
  • Enforce WordPress role‑based access controls so that only authorized administrators can view sale notification data.

Generated by OpenCVE AI on April 29, 2026 at 02:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live sales notification for WooCommerce: from n/a through <= 2.3.61. Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live sales notification for WooCommerce: from n/a through <= 2.3.60.
Title WordPress Live sales notification for WooCommerce plugin <= 2.3.61 - Broken Access Control vulnerability WordPress Live sales notification for WooCommerce plugin <= 2.3.60 - Broken Access Control vulnerability

Tue, 28 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live sales notification for WooCommerce: from n/a through <= 2.3.60. Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live sales notification for WooCommerce: from n/a through <= 2.3.61.
Title WordPress Live sales notification for WooCommerce plugin <= 2.3.60 - Broken Access Control vulnerability WordPress Live sales notification for WooCommerce plugin <= 2.3.61 - Broken Access Control vulnerability

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live sales notification for WooCommerce: from n/a through <= 2.3.49. Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live sales notification for WooCommerce: from n/a through <= 2.3.60.
Title WordPress Live sales notification for WooCommerce plugin <= 2.3.49 - Broken Access Control vulnerability WordPress Live sales notification for WooCommerce plugin <= 2.3.60 - Broken Access Control vulnerability

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live sales notification for WooCommerce: from n/a through <= 2.3.46. Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live sales notification for WooCommerce: from n/a through <= 2.3.49.
Title WordPress Live sales notification for WooCommerce plugin <= 2.3.46 - Broken Access Control vulnerability WordPress Live sales notification for WooCommerce plugin <= 2.3.49 - Broken Access Control vulnerability

Fri, 20 Feb 2026 23:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 20 Feb 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Pi Web Solution
Pi Web Solution live Sales Notification For Woocommerce
Wordpress
Wordpress wordpress
Vendors & Products Pi Web Solution
Pi Web Solution live Sales Notification For Woocommerce
Wordpress
Wordpress wordpress

Thu, 19 Feb 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Thu, 19 Feb 2026 08:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live sales notification for WooCommerce: from n/a through <= 2.3.46.
Title WordPress Live sales notification for WooCommerce plugin <= 2.3.46 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Pi Web Solution Live Sales Notification For Woocommerce
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:15:00.856Z

Reserved: 2026-02-17T13:23:42.768Z

Link: CVE-2026-27066

cve-icon Vulnrichment

Updated: 2026-02-19T16:53:44.208Z

cve-icon NVD

Status : Deferred

Published: 2026-02-19T09:16:27.360

Modified: 2026-04-28T19:37:12.417

Link: CVE-2026-27066

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T02:45:35Z

Weaknesses