CVE-2026-24527
Missing Authorization in Autoship Cloud for WooCommerce
Publication date: 2026-05-25
Last updated on: 2026-05-25
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patterns_in_the_cloud | autoship_cloud_for_woocommerce_subscription_products | to 2.14.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Missing Authorization issue in the Patterns in the cloud Autoship Cloud for WooCommerce Subscription Products. It allows attackers to exploit incorrectly configured access control security levels, meaning that certain actions or data may be accessible without proper permission checks.
How can this vulnerability impact me? :
The impact of this vulnerability is limited to integrity, as indicated by the CVSS score. An attacker with low privileges could exploit the missing authorization to perform unauthorized actions or modify data, potentially leading to incorrect or malicious changes within the affected WooCommerce subscription products.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability is a Missing Authorization issue in Autoship Cloud for WooCommerce Subscription Products, which allows exploiting incorrectly configured access control security levels.
Such access control weaknesses can potentially lead to unauthorized access or modification of subscription product data.
However, there is no specific information provided about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.