What the vulnerability does
01 Description
Incorrect Privilege Assignment vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light (excel-like-price-change-for-woocommerce-and-wp-e-commerce-light) allows Privilege Escalation. This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through <= 2.4.37.
Explanation of Vulnerability in Simple Terms
02 Summary
A critical vulnerability in Spreadsheet Price Changer for WooCommerce and WP E-commerce allows unauthenticated attackers to read sensitive data, modify site content, and disrupt service without any user interaction. The plugin fails to properly restrict access to core functions, exposing the site to complete compromise. All versions up to 2.4.37 are affected.
What an attacker can do
03 Attacker Capabilities
Read sensitive data, modify site content, and disable the site without logging in or user interaction.
Potential impact on your site
04 Site Impact
Site data, pricing, and availability can be compromised by any remote attacker without warning or credentials.
Conditions required to exploit
05 Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06 Disclosure timeline
June 9, 2025: CVE published
April 28, 2026: Record updated