What the vulnerability does
01Description
Missing Authorization vulnerability in vinodvaswani9 Bulk Assign Linked Products For WooCommerce wc-bulk-assign-linked-products allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bulk Assign Linked Products For WooCommerce: from n/a through <= 2.1.
Explanation of Vulnerability in Simple Terms
02Summary
The Bulk Assign Linked Products For WooCommerce plugin through version 2.1 lacks proper authorization checks on its core functionality. An unauthenticated attacker can modify product relationships without permission. The vulnerability requires only network access and no user interaction, making it trivial to exploit at scale.
What an attacker can do
03Attacker Capabilities
Modify linked product assignments on the WooCommerce store without authentication.
Potential impact on your site
04Site Impact
Attackers can alter product relationships, potentially disrupting catalog structure and customer experience.
Conditions required to exploit
05Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06Disclosure timeline
April 24, 2025
CVE published
April 28, 2026
Record updated