CVE-2025-47463
BaseFortify
Publication date: 2025-06-09
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-47463 is a Broken Access Control vulnerability in the Stock Locations for WooCommerce plugin (versions up to 2.8.6). It allows users with low-level privileges (such as Subscribers) to perform actions that should require higher privileges due to missing authorization and authentication checks in certain functions. This means unauthorized users can exploit the plugin to perform restricted actions, potentially compromising the security of the system. The issue is fixed in version 2.8.7. [1]
How can this vulnerability impact me? :
This vulnerability can allow low-privileged users to perform unauthorized actions within the WooCommerce Stock Locations plugin, potentially leading to unauthorized changes or disruptions. Although it does not impact confidentiality, it can affect the integrity and availability of the system, as indicated by the CVSS score. Attackers may automate exploitation attempts, which could result in service disruption or unauthorized modifications until the plugin is updated or mitigated. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for unauthorized actions performed by low-privilege users (Subscriber level) that should require higher privileges. Since the vulnerability allows broken access control, you can look for unusual access patterns or privilege escalation attempts in your WooCommerce Stock Locations plugin logs. Specific commands are not provided in the resources, but general steps include reviewing web server logs for suspicious POST or GET requests targeting the Stock Locations plugin endpoints, and using server-side malware scanning tools as recommended. Plugin-based malware scanners are not reliable as attackers can tamper with them. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Stock Locations for WooCommerce plugin to version 2.8.7 or later, where the vulnerability is fixed. If updating immediately is not possible, applying Patchstack's virtual patch (vPatch) is recommended to block exploitation attempts until the official update can be applied. Additionally, enabling Patchstack's auto-update feature for vulnerable plugins can help prevent exploitation. In case of suspected compromise, professional incident response and server-side malware scanning should be conducted. [1]