What the vulnerability does
01Description
Incorrect Privilege Assignment vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Privilege Escalation.This issue affects WooCommerce Registration Fields Plugin - Custom Signup Fields: from n/a through <= 3.2.3.
Explanation of Vulnerability in Simple Terms
02Summary
The WooCommerce Registration Fields Plugin allows authenticated users with low privileges to read sensitive data, modify site content, and disrupt service. The vulnerability stems from insufficient permission checks in the plugin's core functionality. An attacker with a basic user account can exploit this without user interaction. Sites running version 3.2.3 or earlier are affected.
What an attacker can do
03Attacker Capabilities
Read sensitive data, modify content, and disrupt the site's availability with a low-privilege user account.
Potential impact on your site
04Site Impact
Any registered user can access restricted data, alter site content, or cause downtime without admin approval.
Conditions required to exploit
05Prerequisites
Attacker must have a valid low-privilege user account on the site; no user interaction required.
Key dates
06Disclosure timeline
October 22, 2025
CVE published
April 28, 2026
Record updated