What the vulnerability does
01Description
Missing Authorization vulnerability in enituretechnology Distance Based Shipping Calculator distance-based-shipping-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Distance Based Shipping Calculator: from n/a through <= 2.0.22.
Explanation of Vulnerability in Simple Terms
02Summary
The Distance Based Shipping Calculator plugin for WordPress contains an authorization flaw that allows authenticated users with low privileges to modify shipping data and disrupt site operations. An attacker with a basic user account can change shipping settings without proper permission checks. This affects all versions up to 2.0.22. Site administrators should update immediately when a patch becomes available.
What an attacker can do
03Attacker Capabilities
Modify shipping calculator settings and data without proper authorization.
Potential impact on your site
04Site Impact
Shipping rates and calculator behavior can be altered by unauthorized users, disrupting orders and customer experience.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege user account on the WordPress site.
Key dates
06Disclosure timeline
February 16, 2025
CVE published
April 28, 2026
Record updated