CVE-2025-39559 MEDIUM

CVE-2025-39559: WordPress Bring Fraktguiden for WooCommerce plugin <= 1.11.4 - Broken Access Control vulnerability

Vendor: Eivin Landa
Product: Bring Fraktguiden for WooCommerce
Weakness: CWE-862 · Missing authorization
Published: April 17, 2025
Last update: May 12, 2026

CVSS base score

6.5/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

Missing Authorization vulnerability in Eivin Landa Bring Fraktguiden for WooCommerce bring-fraktguiden-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bring Fraktguiden for WooCommerce: from n/a through <= 1.11.4.

Explanation of Vulnerability in Simple Terms

02 Summary

Bring Fraktguiden for WooCommerce versions up to 1.11.4 lack proper authorization checks, allowing authenticated users to read sensitive data they should not access. An attacker with a low-privilege account can retrieve confidential information without performing any additional actions. Site administrators should update to a version newer than 1.11.4 to restore proper access controls.

What an attacker can do

03 Attacker Capabilities

Read sensitive data belonging to other users or the site without permission.

Potential impact on your site

04 Site Impact

Customer data, shipping information, or other confidential records may be exposed to unauthorized account holders.

Conditions required to exploit

05 Prerequisites

Attacker must have a low-privilege WooCommerce account; no user interaction required.

Key dates

06 Disclosure timeline

April 17, 2025: CVE published
May 12, 2026: Record updated