What the vulnerability does
01Description
Missing Authorization vulnerability in Bizswoop Account Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Account Manager for WooCommerce: from n/a through 2.1.2.
Explanation of Vulnerability in Simple Terms
02Summary
Account Manager for WooCommerce versions up to 2.1.2 lack proper authorization checks on certain functions. A logged-in user with low privileges can access or modify data they should not have permission to view or change. The vulnerability requires an active user account but no special interaction from the victim.
What an attacker can do
03Attacker Capabilities
Read or modify data belonging to other users or restricted account information.
Potential impact on your site
04Site Impact
Customer or staff accounts may have their data exposed or altered by other authenticated users.
Conditions required to exploit
05Prerequisites
Attacker must have a valid WooCommerce user account with low-level privileges.
Key dates
06Disclosure timeline
May 27, 2026
CVE published
May 27, 2026
Record updated