CVE-2025-22667
Description
Missing authorization in WooCommerce Google Sheets export plugin (<=1.8.2) allows unauthenticated data exfiltration.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization in WooCommerce Google Sheets export plugin (<=1.8.2) allows unauthenticated data exfiltration.
Vulnerability
The Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets plugin (wpsyncsheets-woocommerce) versions <= 1.8.2 suffers from a missing authorization vulnerability. The plugin fails to enforce proper permission checks on AJAX actions or API endpoints, allowing any user—including unauthenticated visitors—to trigger exports of sensitive WooCommerce data.
Exploitation
An attacker can send crafted HTTP requests to the vulnerable endpoints without any authentication. The plugin exposes functionality intended only for administrators but does not validate user capabilities. No user interaction or prior access is required; only network connectivity to the WordPress site is needed.
Impact
Successful exploitation enables an attacker to export orders, products, customers, and coupons to an attacker-controlled Google Sheet. This leads to disclosure of personally identifiable information (names, addresses, purchase histories) and other business-sensitive data, constituting a serious confidentiality breach.
Mitigation
The plugin has been updated to version 2.0.9 (as per [1]) which includes proper authorization checks. Users should upgrade immediately. No workarounds exist for versions <= 1.8.2.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2<=1.8.2+ 1 more
- (no CPE)range: <=1.8.2
- (no CPE)range: <=1.8.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.