CVE-2025-22667 MEDIUM

CVE-2025-22667: WordPress Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets plugin <= 1.8.2 - Broken Access Control vulnerability

Vendor Creative Werk Designs
Product Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets
Weakness CWE-862 · Missing authorization
Published March 27, 2025
Last update April 28, 2026

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Missing Authorization vulnerability in Creative Werk Designs Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets wpsyncsheets-woocommerce.This issue affects Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets: from n/a through <= 1.8.2.

Explanation of Vulnerability in Simple Terms

02Summary

The Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets plugin through version 1.8.2 does not properly check user permissions before allowing modifications to exported data. An authenticated user with low privileges can alter data that should be restricted to administrators, potentially corrupting WooCommerce records without proper authorization.

What an attacker can do

03Attacker Capabilities

Modify WooCommerce orders, products, customers, or coupons without having admin permission.

Potential impact on your site

04Site Impact

Unauthorized users can alter critical WooCommerce data, risking data integrity and business operations.

Conditions required to exploit

05Prerequisites

Attacker must have a low-privilege WooCommerce user account (e.g., shop manager or customer).

Key dates

06Disclosure timeline

March 27, 2025 CVE published
April 28, 2026 Record updated