What the vulnerability does
01Description
Missing Authorization vulnerability in Eivin Landa Bring Fraktguiden for WooCommerce bring-fraktguiden-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bring Fraktguiden for WooCommerce: from n/a through <= 1.11.4.
Explanation of Vulnerability in Simple Terms
02Summary
Bring Fraktguiden for WooCommerce versions up to 1.11.4 lack proper authorization checks, allowing authenticated users to read sensitive data they should not access. An attacker with a low-privilege account can retrieve confidential information without performing any additional actions. Site administrators should update to a version newer than 1.11.4 to restore proper access controls.
What an attacker can do
03Attacker Capabilities
Read sensitive data belonging to other users or the site without permission.
Potential impact on your site
04Site Impact
Customer data, shipping information, or other confidential records may be exposed to unauthorized account holders.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege WooCommerce account; no user interaction required.
Key dates
06Disclosure timeline
April 17, 2025
CVE published
May 12, 2026
Record updated