Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Network-reachable via AJAX (AV:N), requires subscriber authentication (PR:L), affects only taxonomy data integrity with no confidentiality or availability loss.
Primary rating from Vendor (Wordfence).
CVSS VectorVendor: Wordfence
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versions up to and including 0.8.9. This is due to a missing capability check and missing nonce verification in the __invoke() methods of the AttributeGroupController and AttributeController classes, which are bound to the 'dwps_modify_groups' and 'dwps_modify_attributes' AJAX actions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create, edit, and delete arbitrary product specification groups and attributes (taxonomy terms in the 'spec-group' and attribute taxonomies), corrupting business data and impacting the site's frontend display.
AnalysisAI
Unauthorized taxonomy manipulation in the Product Specifications for WooCommerce WordPress plugin (versions up to and including 0.8.9) exposes AJAX endpoints that any authenticated subscriber can invoke without authorization checks or CSRF protection, enabling arbitrary creation, modification, and deletion of product specification groups and attributes. The affected AJAX actions 'dwps_modify_groups' and 'dwps_modify_attributes' - bound to the __invoke() methods of AttributeGroupController and AttributeController - operate on 'spec-group' and attribute taxonomy terms, meaning successful exploitation directly corrupts WooCommerce store business data and breaks frontend product display. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires an authenticated WordPress session at Subscriber level or above - exploitation is not possible by unauthenticated visitors. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 score of 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) accurately reflects this as a medium-low severity issue. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker registers a free subscriber account on a WooCommerce store running the vulnerable plugin (or uses a compromised low-privilege account), then sends a crafted HTTP POST to wp-admin/admin-ajax.php with action=dwps_modify_groups or action=dwps_modify_attributes and arbitrary taxonomy term parameters. Because no capability check or nonce is enforced, the server processes the request as a privileged operation, allowing the attacker to delete all product specification groups or corrupt attribute taxonomy terms, breaking frontend product display across the entire store. … |
| Remediation | Update the Product Specifications for WooCommerce plugin to the latest available version beyond 0.8.9; a fix changeset has been committed to the WordPress plugin repository (referenced at plugins.trac.wordpress.org/changeset with changeset 3580068), though the exact released fixed version number is not independently confirmed from the provided data - verify the current version in the WordPress plugin directory before updating. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39951
GHSA-jw2p-w93r-295r