CVE-2022-41656
No known patch is available for this vulnerability.
The affected plugin has not been updated on WordPress.org since before this CVE was disclosed; the latest installable version is still vulnerable. If you have the affected software installed, you should uninstall or replace it rather than wait for an update.
Description
Missing Authorization vulnerability in Bizswoop Account Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Account Manager for WooCommerce: from n/a through 2.1.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization in Bizswoop Account Manager for WooCommerce up to 2.1.2 allows unprivileged users to exploit incorrectly configured access controls.
Vulnerability
A Missing Authorization vulnerability exists in Bizswoop’s Account Manager for WooCommerce plugin (versions through 2.1.2). The plugin fails to properly check permissions, allowing exploitation of incorrectly configured access control security levels. [1]
Exploitation
An attacker with no privileges can exploit this by sending specially crafted requests to the plugin’s functions that lack authorization checks. The vulnerability is expected to be used in mass-exploit campaigns targeting thousands of sites. [1]
Impact
Successful exploitation allows an unprivileged user to perform higher-privileged actions, potentially gaining unauthorized access to sensitive data or functions in the WooCommerce environment. The CVSS score is 4.3 (Medium). [1]
Mitigation
Update to a version beyond 2.1.2. Patchstack indicates that the immediate action is to update the plugin. If you are unable to update, seek assistance from your hosting provider or web developer. [1]
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2 products (<=2.1.2, + 1 more)
- (no CPE), range: <=2.1.2
- (no CPE), range: <=2.1.2
Patches
0 patches.
account-manager-woocommerce: This plugin appears unmaintained — its last release on WordPress.org predates this CVE's publication, so no fix has been shipped since the vulnerability was disclosed. The latest installable version is still vulnerable. Users should uninstall it or switch to an actively-maintained alternative.
Source: api.wordpress.org · directory page
References
1 reference.
News mentions
0. No linked articles in our index yet.