What the vulnerability does
01 Description
Missing Authorization vulnerability in Damian Góra FiboSearch ajax-search-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FiboSearch: from n/a through <= 1.32.1.
Explanation of Vulnerability in Simple Terms
02 Summary
FiboSearch versions up to 1.32.1 lack proper authorization checks, allowing unauthenticated attackers to read sensitive information through the application. The vulnerability requires only network access and no user interaction. An attacker can retrieve data that should be restricted, though the impact is limited to information disclosure.
What an attacker can do
03 Attacker Capabilities
Read sensitive data without authentication or permission.
Potential impact on your site
04 Site Impact
Unauthorized users can access restricted information exposed by FiboSearch.
Conditions required to exploit
05 Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06 Disclosure timeline
August 12, 2025: CVE published
April 28, 2026: Record updated