WordPress
CVE-2025-49888
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Lifecycle Timeline
4DescriptionCVE.org
Missing Authorization vulnerability in pimwick PW WooCommerce On Sale! pw-woocommerce-on-sale allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PW WooCommerce On Sale!: from n/a through <= 1.39.
AnalysisAI
Missing authorization in PW WooCommerce On Sale plugin up to version 1.39 allows attackers to exploit incorrectly configured access controls, potentially accessing restricted functionality without proper permission verification. This WordPress plugin vulnerability affects all versions through 1.39 and has low exploitation probability (EPSS 0.07%, percentile 22%), with no confirmed active exploitation or public exploit code identified at time of analysis.
Technical ContextAI
PW WooCommerce On Sale is a WordPress plugin that manages product sales functionality in WooCommerce stores. The vulnerability stems from CWE-862 (Missing Authorization), a flaw in access control logic where the plugin fails to properly verify user permissions before allowing access to sensitive operations or data. The root cause involves incorrectly configured security levels that do not enforce proper authentication or authorization checks on API endpoints, admin functions, or AJAX handlers. This allows attackers to bypass intended access restrictions, though the specific endpoint or functionality affected is not detailed in available disclosures.
Affected ProductsAI
PW WooCommerce On Sale plugin by pimwick is affected in all versions from initial release through version 1.39. The plugin is distributed via the WordPress plugin repository and affects WooCommerce-based e-commerce sites running WordPress. CPE data not provided in available intelligence, but the plugin can be identified as wordpress/plugin/pw-woocommerce-on-sale.
RemediationAI
Upgrade PW WooCommerce On Sale plugin to version 1.40 or later, which addresses the missing authorization vulnerability. Site administrators should navigate to Plugins > Installed Plugins in WordPress dashboard and click Update next to PW WooCommerce On Sale, or use the WordPress CLI command wp plugin update pw-woocommerce-on-sale. Verify the plugin functionality after upgrade, particularly any admin-level features or customer-facing sale controls. For detailed remediation information and patch confirmation, consult the Patchstack vulnerability database entry: https://patchstack.com/database/Wordpress/Plugin/pw-woocommerce-on-sale/vulnerability/wordpress-pw-woocommerce-on-sale-1-39-broken-access-control-vulnerability
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail comman
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1
The Hash Form - Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing fil
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all
The Simple File List plugin for WordPress through version 4.2.2 contains an unauthenticated remote code execution vulner
The AI Engine WordPress plugin through version 3.1.3 exposes Bearer Token values through the /mcp/v1/ REST API endpoint
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via
The Business Directory Plugin - Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based
SQL injection in the NotificationX WordPress plugin (versions up to and including 2.8.2) allows unauthenticated remote a
The POST SMTP Mailer - Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress i
The MasterStudy LMS WordPress Plugin - for Online Courses and Education plugin for WordPress is vulnerable to union base
The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' paramete
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today