CVE-2026-25443
Missing Authorization in Dotstore Fraud Prevention for WooCommerce
Publication date: 2026-03-19
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | fraud_prevention_for_woocommerce | From 2.3.0 (inc) to 2.3.3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-25443 is a high-priority vulnerability in the WordPress Fraud Prevention For Woocommerce Plugin versions up to and including 2.3.3. It is a Missing Authorization vulnerability that allows unauthenticated attackers to exploit incorrectly configured access control security levels.
Specifically, this vulnerability enables attackers to perform arbitrary content deletion on affected websites, meaning they can delete website content such as pictures, posts, or pages without proper authorization.
This issue is classified under OWASP Top 10 A1: Broken Access Control and has a CVSS severity score of 7.5, indicating a high risk.
How can this vulnerability impact me? :
This vulnerability can have a significant impact by allowing attackers to delete important website content such as images, posts, or pages without any authentication.
Such unauthorized deletion can lead to loss of critical data, disruption of website services, damage to reputation, and potential loss of business or user trust.
Because the vulnerability is exploitable remotely without any user interaction or privileges, it poses a high risk to any website using the affected plugin versions.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
This vulnerability allows unauthenticated attackers to perform arbitrary content deletion on websites using the Fraud Prevention For Woocommerce plugin versions up to 2.3.3.
Immediate mitigation steps include applying the mitigation rule issued by Patchstack to block attacks exploiting this vulnerability until an official patch is available.
Users are strongly advised to update the plugin as soon as a patch is released.
If an official patch is not yet available, seek assistance from hosting providers or web developers to apply temporary mitigations.