Impact
The ProWCPlugins Product Price by Formula for WooCommerce plugin has a missing authorization flaw that allows exploitation of incorrectly configured access control security levels. An attacker could use this weakness to access or modify plugin settings, product pricing data, or other privileged functions without proper authentication, potentially altering product prices or exposing sensitive information. The vulnerability is fundamentally a broken access control weakness, identified as CWE‑862.
Affected Systems
Any WordPress site running ProWCPlugins Product Price by Formula for WooCommerce version 2.5.6 or earlier is affected. The plugin implements pricing logic that, when accessed without correct permissions, allows unauthorized changes to product prices or related configurations.
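To find affected installs, the version bound above can be checked against the plugin header comment that WordPress itself reads. The following is an added example, not code from the plugin or from OpenCVE; the name substring used to recognise the plugin and the sample headers are assumptions constructed for illustration.

```python
import re
from pathlib import Path

LAST_AFFECTED = (2, 5, 6)                # from the advisory: 2.5.6 or earlier
NAME_HINT = "product price by formula"   # assumption: substring of the "Plugin Name" header

# Same shape as the header lines WordPress parses ("Plugin Name: ...", "Version: ...").
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.I | re.M)

def parse_header(php_source):
    """Return lower-cased header fields found in the first 8 KB of a plugin file."""
    fields = {}
    for key, value in HEADER_RE.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value.strip())
    return fields

def version_tuple(version):
    """'2.5.6' -> (2, 5, 6); short versions are zero-padded, '-suffix' is ignored."""
    parts = [int(p) for p in re.findall(r"\d+", version.split("-")[0])]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(php_source):
    """True if the header names the plugin and its version is <= 2.5.6."""
    header = parse_header(php_source)
    if NAME_HINT not in header.get("plugin name", "").lower() or "version" not in header:
        return False
    return version_tuple(header["version"]) <= LAST_AFFECTED

def scan(plugins_dir):
    """Yield (path, version) for affected plugin main files under wp-content/plugins."""
    for php in Path(plugins_dir).glob("*/*.php"):
        source = php.read_text(errors="replace")
        if is_affected(source):
            yield php, parse_header(source)["version"]

# Constructed sample headers, not copied from the real plugin.
SAMPLE_OLD = """<?php
/*
Plugin Name: Product Price by Formula for WooCommerce
Version: 2.5.6
*/"""
SAMPLE_NEW = SAMPLE_OLD.replace("2.5.6", "2.5.7")  # any version above the affected range

if __name__ == "__main__":
    print(is_affected(SAMPLE_OLD), is_affected(SAMPLE_NEW))
```

Call `scan()` with the path to a site's `wp-content/plugins` directory to list affected copies across a filesystem.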
Risk and Exploitability
The CVSS score of 5.3 indicates moderate severity, and an EPSS score below 1% suggests that exploitation is relatively uncommon. The vulnerability is not listed in the CISA KEV catalog, implying no known widespread exploitation at this time. Based on the plugin’s nature, the likely attack vector is remote, where an unauthenticated or low‑privilege user could interact with the plugin’s endpoints to manipulate pricing data. Because the flaw stems from missing authorization checks, it does not require advanced skills but does need the target site to have the vulnerable plugin installed and exposed.