What the vulnerability does
01Description
Missing Authorization vulnerability in theme funda Show Variations as Single Products Woocommerce woo-show-single-variations-shop-category allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Show Variations as Single Products Woocommerce: from n/a through <= 2.0.
Explanation of Vulnerability in Simple Terms
02Summary
The Show Variations as Single Products WooCommerce extension through version 2.0 lacks proper authorization checks, allowing unauthenticated attackers to modify product data. An attacker can send network requests to alter product information without needing to log in or interact with a user. Site owners should update to a version newer than 2.0 immediately.
What an attacker can do
03Attacker Capabilities
Modify WooCommerce product data without authentication.
Potential impact on your site
04Site Impact
Product information can be altered by anyone, potentially disrupting sales or displaying incorrect details.
Conditions required to exploit
05Prerequisites
Network access to the site; no login or user interaction required.
Key dates
06Disclosure timeline
November 21, 2025
CVE published
April 28, 2026
Record updated