What the vulnerability does
01Description
Unauthenticated Broken Access Control in AI Product Search for WooCommerce – Motive Commerce Search <= 1.38.2 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
What the vulnerability does
Unauthenticated Broken Access Control in AI Product Search for WooCommerce – Motive Commerce Search <= 1.38.2 versions.
Explanation of Vulnerability in Simple Terms
The AI Product Search for WooCommerce plugin fails to properly check user permissions before allowing certain actions. An attacker without authentication can modify site data and disrupt service availability. The vulnerability affects versions up to 1.38.2. Site owners should update immediately to a patched version.
What an attacker can do
Modify site data and cause service disruptions without logging in.
Potential impact on your site
Attackers can alter product search data and make the plugin unavailable to customers.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities