What the vulnerability does
01Description
Missing Authorization vulnerability in Jose Vega WooCommerce Bulk Edit Products – WP Sheet Editor woo-bulk-edit-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Bulk Edit Products – WP Sheet Editor: from n/a through <= 1.8.21.
Explanation of Vulnerability in Simple Terms
02Summary
WooCommerce Bulk Edit Products – WP Sheet Editor versions up to 1.8.21 lack proper authorization checks on certain administrative functions. A high-privileged user (such as a site administrator) can modify product data without proper permission validation. This allows unauthorized changes to product information within the scope of their role.
What an attacker can do
03Attacker Capabilities
Modify product data without proper authorization checks.
Potential impact on your site
04Site Impact
Administrators or high-privileged users can alter product information beyond their intended scope.
Conditions required to exploit
05Prerequisites
Attacker must have high-level administrative privileges on the WordPress site.
Key dates
06Disclosure timeline
July 13, 2026
CVE published
July 13, 2026
Record updated