What the vulnerability does
01Description
Missing Authorization vulnerability in Saiful Islam Sync Master Sheet – Product Sync with Google Sheet for WooCommerce product-sync-master-sheet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sync Master Sheet – Product Sync with Google Sheet for WooCommerce: from n/a through <= 1.1.3.
Explanation of Vulnerability in Simple Terms
02Summary
The Sync Master Sheet plugin for WooCommerce versions 1.1.3 and earlier lack proper authorization checks on critical functions. An unauthenticated attacker can modify product data synchronized with Google Sheets without permission. This affects all WooCommerce sites running the vulnerable plugin, allowing unauthorized changes to product information.
What an attacker can do
03Attacker Capabilities
Modify product data synced with Google Sheets without authentication.
Potential impact on your site
04Site Impact
Attackers can alter product names, prices, descriptions, and other data without your knowledge or permission.
Conditions required to exploit
05Prerequisites
Network access to the site; no authentication or user interaction required.
Key dates
06Disclosure timeline
February 20, 2026
CVE published
April 28, 2026
Record updated