CVE-2026-57649
Deferred - Pending Action
Subscriber Broken Access Control in Shoppable Images Lite

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description
Subscriber Broken Access Control in Shoppable Images Lite versions <= 1.3.
Meta Information
Published: 2026-06-26
Last Modified: 2026-06-26
Generated: 2026-06-26
AI Q&A: 2026-06-26
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor | Product | Version / Range
patchstack | mabel_shoppable_images_lite | up to 1.3 (inclusive)
CWE ID | Description
CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Executive Summary

The WordPress Shoppable Images Lite Plugin, versions 1.3 and below, contains a Broken Access Control vulnerability. This means that users with low-level permissions, such as those with a Subscriber role, can perform actions that should be restricted to higher-privileged users. The issue arises due to missing authorization, authentication, or nonce token checks.

Impact Analysis

This vulnerability allows unprivileged users to perform higher-privileged actions, potentially compromising the security of your WordPress site. Although the severity is considered low (CVSS score 4.3), it can be exploited in mass campaigns affecting many websites. This could lead to unauthorized changes or access within your site.

Users are advised to update to version 1.3.1 or later immediately to mitigate this risk. If updating is not possible, assistance from hosting providers or web developers is recommended.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the WordPress Shoppable Images Lite Plugin to version 1.3.1 or later, which contains the patch that resolves the broken access control issue.

If updating is not possible immediately, users should seek assistance from their hosting provider or web developer.

Additionally, Patchstack users can enable auto-updates for vulnerable plugins to ensure timely patching.

Compliance Impact

The provided information does not specify how the Broken Access Control vulnerability in Shoppable Images Lite versions 1.3 and below directly affects compliance with common standards and regulations such as GDPR or HIPAA.
