What the vulnerability does
01Description
Missing Authorization vulnerability in Web Ready Now WR Price List Manager For Woocommerce wr-price-list-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WR Price List Manager For Woocommerce: from n/a through <= 1.0.8.
Explanation of Vulnerability in Simple Terms
02Summary
WR Price List Manager For Woocommerce versions 1.0.8 and earlier lack proper authorization checks on certain functions. A logged-in user with low privileges can modify or delete price list data without proper permission validation. The vulnerability affects data integrity but does not expose sensitive information or take the site offline.
What an attacker can do
03Attacker Capabilities
A low-privilege user can modify or delete price list data without authorization.
Potential impact on your site
04Site Impact
Unauthorized users can alter or remove price list information, potentially disrupting product pricing and catalog accuracy.
Conditions required to exploit
05Prerequisites
Attacker must have a valid user account with low-level access to the WordPress site.
Key dates
06Disclosure timeline
April 3, 2025
CVE published
April 28, 2026
Record updated