CVE-2025-69381
Awaiting Analysis Awaiting Analysis - Queue
Missing Authorization in WooCommerce Bulk Product Editor Allows Unauthorized Access

Publication date: 2026-02-20

Last updated on: 2026-02-25

Assigner: Patchstack

Description
Missing Authorization vulnerability in vanquish WooCommerce Bulk Product Editor woocommerce-quick-product-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Bulk Product Editor: from n/a through <= 3.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-20
Last Modified
2026-02-25
Generated
2026-06-16
AI Q&A
2026-02-20
EPSS Evaluated
2026-06-14
NVD
CVE-2025-69381
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
patchstack woocommerce_bulk_product_editor to 3.0 (inc)
vanquish woocommerce_bulk_product_editor to 3.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-69381 is a Broken Access Control vulnerability in the WordPress WooCommerce Bulk Product Editor Plugin (versions up to and including 3.0). It occurs due to missing authorization, authentication, or nonce token checks in certain plugin functions.

This flaw allows unprivileged users, such as those with Subscriber or Developer roles, to perform actions that should be restricted to higher privileged users.

The vulnerability is classified under the OWASP Top 10 category A1: Broken Access Control.

Impact Analysis

[{'type': 'paragraph', 'content': 'This vulnerability can allow unauthorized users to perform privileged actions within the WooCommerce Bulk Product Editor plugin, potentially leading to unauthorized changes to product data or other sensitive operations.'}, {'type': 'paragraph', 'content': "Because unprivileged users can exploit this flaw, it increases the risk of data manipulation, unauthorized access, and potential compromise of the website's integrity."}, {'type': 'paragraph', 'content': 'The vulnerability has a CVSS score of 7.1, indicating moderate severity and a reasonable likelihood of exploitation.'}, {'type': 'paragraph', 'content': 'No official patch is currently available, but a mitigation rule from Patchstack can be applied to block attacks targeting this vulnerability until a patch is released.'}] [1]

Compliance Impact

I don't know

Detection Guidance

There is no specific information provided about detection commands or methods for this vulnerability in the available resources.

Mitigation Strategies

Since no official patch is currently available for CVE-2025-69381, immediate mitigation involves applying the mitigation rule issued by Patchstack to block attacks targeting this vulnerability.

Users are advised to implement this mitigation promptly to protect their websites from exploitation due to missing authorization checks in the WooCommerce Bulk Product Editor plugin versions up to 3.0.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69381. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart