Impact
The vulnerability is an unauthenticated broken access control flaw in the WooCommerce Anti‑Fraud plugin versions up to 7.2.6. It allows an attacker to perform actions normally restricted to authenticated users. The impact is the potential for an adversary to modify plugin settings, access sensitive data, or otherwise bypass normal access restrictions, compromising the integrity and confidentiality of the e‑commerce platform.
Affected Systems
WordPress installations running the WooCommerce Anti−Fraud plugin version 7.2.6 or earlier. The plugin is authored by OPMC and is integrated into WooCommerce e‑commerce sites.
Risk and Exploitability
The CVSS score of 6.5 indicates moderate severity. The EPSS score is not available, so the current exploitation probability is unclear. The vulnerability is not listed in the CISA KEV catalog, suggesting no publicly known exploits. The likely attack vector is through the web interface of the WordPress site, where unauthenticated users can send requests to the plugin. Exploitation would not require authenticated credentials, making it surface‑wide for affected sites.
OpenCVE Enrichment