CVE-2023-47694
Description
Missing Authorization vulnerability in appsbd Mini Cart Drawer For WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mini Cart Drawer For WooCommerce: from n/a through 4.0.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization in Mini Cart Drawer For WooCommerce allows unprivileged users to perform higher-privileged actions; update to 4.0.1.
The Mini Cart Drawer For WooCommerce plugin for WordPress contains a missing authorization vulnerability, classified as a broken access control issue. Versions through 4.0.0 fail to properly enforce access controls, allowing unprivileged users to execute functions that should require higher privileges [1].
Exploitation requires a privileged user to perform an action, such as clicking a malicious link, visiting a crafted page, or submitting a form. This user interaction is necessary for the attack to succeed, meaning the vulnerability is not directly exploitable by unauthenticated attackers [1].
If successfully exploited, an attacker with lower privileges can perform actions reserved for higher-privileged users, potentially leading to unauthorized modifications or data exposure within the WooCommerce environment [1].
The vulnerability has been addressed in version 4.0.1 of the plugin. Users are strongly advised to update immediately. Patchstack users can enable auto-updates for vulnerable plugins to ensure protection [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=4.0.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.