What the vulnerability does
01 Description
Missing Authorization vulnerability in vanquish WooCommerce Orders & Customers Exporter woocommerce-orders-ei allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Orders & Customers Exporter: from n/a through <= 5.4.
Explanation of Vulnerability in Simple Terms
02 Summary
The WooCommerce Orders & Customers Exporter plugin through version 5.4 lacks proper authorization checks on export functionality. A logged-in user with low privileges can access and export sensitive order and customer data without appropriate permission validation. This allows unauthorized data disclosure to users who should not have access to this information.
What an attacker can do
03 Attacker Capabilities
Export sensitive order and customer data without proper authorization.
Potential impact on your site
04 Site Impact
Customer and order data can be accessed by unauthorized users, risking privacy violations and data breach liability.
Conditions required to exploit
05 Prerequisites
Attacker must have a low-privilege account on the WordPress site (e.g., subscriber or contributor).
Key dates
06 Disclosure timeline
October 22, 2025: CVE published
April 28, 2026: Record updated