Skip to main content

Product Specifications WooCommerce EUVDEUVD-2026-39951

| CVE-2026-11364 MEDIUM
Missing Authorization (CWE-862)
2026-06-27 Wordfence GHSA-jw2p-w93r-295r
4.3
CVSS 3.1 · Vendor: Wordfence
Share

Severity by source

Vendor (Wordfence) PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
vuln.today AI
4.3 MEDIUM

Network-reachable via AJAX (AV:N), requires subscriber authentication (PR:L), affects only taxonomy data integrity with no confidentiality or availability loss.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (Wordfence).

CVSS VectorVendor: Wordfence

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jun 27, 2026 - 07:55 vuln.today
CVE Published
Jun 27, 2026 - 06:50 cve.org
MEDIUM 4.3

DescriptionCVE.org

The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versions up to and including 0.8.9. This is due to a missing capability check and missing nonce verification in the __invoke() methods of the AttributeGroupController and AttributeController classes, which are bound to the 'dwps_modify_groups' and 'dwps_modify_attributes' AJAX actions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create, edit, and delete arbitrary product specification groups and attributes (taxonomy terms in the 'spec-group' and attribute taxonomies), corrupting business data and impacting the site's frontend display.

AnalysisAI

Unauthorized taxonomy manipulation in the Product Specifications for WooCommerce WordPress plugin (versions up to and including 0.8.9) exposes AJAX endpoints that any authenticated subscriber can invoke without authorization checks or CSRF protection, enabling arbitrary creation, modification, and deletion of product specification groups and attributes. The affected AJAX actions 'dwps_modify_groups' and 'dwps_modify_attributes' - bound to the __invoke() methods of AttributeGroupController and AttributeController - operate on 'spec-group' and attribute taxonomy terms, meaning successful exploitation directly corrupts WooCommerce store business data and breaks frontend product display. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Register subscriber account on target store
Delivery
POST to wp-admin/admin-ajax.php with action=dwps_modify_groups
Exploit
Bypass missing capability check and nonce verification
Execution
Invoke AttributeGroupController __invoke() method
Persist
Delete or corrupt spec-group taxonomy terms
Impact
Degrade WooCommerce product catalog display

Vulnerability AssessmentAI

Exploitation Requires an authenticated WordPress session at Subscriber level or above - exploitation is not possible by unauthenticated visitors. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 score of 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) accurately reflects this as a medium-low severity issue. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker registers a free subscriber account on a WooCommerce store running the vulnerable plugin (or uses a compromised low-privilege account), then sends a crafted HTTP POST to wp-admin/admin-ajax.php with action=dwps_modify_groups or action=dwps_modify_attributes and arbitrary taxonomy term parameters. Because no capability check or nonce is enforced, the server processes the request as a privileged operation, allowing the attacker to delete all product specification groups or corrupt attribute taxonomy terms, breaking frontend product display across the entire store. …
Remediation Update the Product Specifications for WooCommerce plugin to the latest available version beyond 0.8.9; a fix changeset has been committed to the WordPress plugin repository (referenced at plugins.trac.wordpress.org/changeset with changeset 3580068), though the exact released fixed version number is not independently confirmed from the provided data - verify the current version in the WordPress plugin directory before updating. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-39951 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy