What the vulnerability does
01Description
Missing Authorization vulnerability in Creative Werk Designs Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets wpsyncsheets-woocommerce.This issue affects Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets: from n/a through <= 1.8.2.
Explanation of Vulnerability in Simple Terms
02Summary
The Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets plugin through version 1.8.2 does not properly check user permissions before allowing modifications to exported data. An authenticated user with low privileges can alter data that should be restricted to administrators, potentially corrupting WooCommerce records without proper authorization.
What an attacker can do
03Attacker Capabilities
Modify WooCommerce orders, products, customers, or coupons without having admin permission.
Potential impact on your site
04Site Impact
Unauthorized users can alter critical WooCommerce data, risking data integrity and business operations.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege WooCommerce user account (e.g., shop manager or customer).
Key dates
06Disclosure timeline
March 27, 2025
CVE published
April 28, 2026
Record updated