What the vulnerability does
01Description
Missing Authorization vulnerability in ChoPlugins.com Custom PC Builder Lite for WooCommerce custom-pc-builder-lite-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom PC Builder Lite for WooCommerce: from n/a through <= 1.0.1.
Explanation of Vulnerability in Simple Terms
02Summary
Custom PC Builder Lite for WooCommerce versions up to 1.0.1 lack proper authorization checks on certain functions. An attacker can modify or delete data without authentication. The plugin does not verify user permissions before processing requests, allowing unauthorized changes to site content or functionality.
What an attacker can do
03Attacker Capabilities
Modify or delete site data without logging in.
Potential impact on your site
04Site Impact
Attackers can alter or remove product configurations and builder data without your knowledge or permission.
Conditions required to exploit
05Prerequisites
Network access to the site; no authentication or user interaction required.
Key dates
06Disclosure timeline
May 19, 2025
CVE published
April 28, 2026
Record updated