Woocommerce Anti Fraud
Monthly
Unauthenticated broken access control in the WooCommerce Anti-Fraud WordPress plugin by OPMC (versions ≤ 7.2.6) allows remote unauthenticated attackers to perform unauthorized actions against the anti-fraud layer of WooCommerce stores. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms no credentials or user interaction are required, and CWE-862 (Missing Authorization) identifies the root cause as absent capability or permission checks on one or more plugin endpoints. With integrity (I:L) and availability (A:L) impacts, attackers could potentially interfere with or circumvent fraud detection logic, enabling fraudulent orders to pass undetected or disrupting store operations. No public exploit code has been identified and CISA KEV listing is absent at time of analysis.
Unauthenticated broken access control in the WooCommerce Anti-Fraud WordPress plugin by OPMC (versions ≤ 7.2.6) allows remote unauthenticated attackers to perform unauthorized actions against the anti-fraud layer of WooCommerce stores. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms no credentials or user interaction are required, and CWE-862 (Missing Authorization) identifies the root cause as absent capability or permission checks on one or more plugin endpoints. With integrity (I:L) and availability (A:L) impacts, attackers could potentially interfere with or circumvent fraud detection logic, enabling fraudulent orders to pass undetected or disrupting store operations. No public exploit code has been identified and CISA KEV listing is absent at time of analysis.