CVE-2025-29001
Description
Missing Authorization vulnerability in ZoomIt WooCommerce Shop Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Shop Page Builder: from n/a through 2.27.7.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A missing authorization vulnerability in the WooCommerce Shop Page Builder plugin (≤2.27.7) allows unauthenticated attackers to exploit incorrectly configured access controls.
The WooCommerce Shop Page Builder plugin for WordPress, up to version 2.27.7, contains a Missing Authorization vulnerability. This flaw stems from an incorrectly configured access control security level, specifically a broken access control issue where a function lacks proper authorization, authentication, or nonce token checks [1].
An unauthenticated attacker can exploit this vulnerability by sending crafted requests to the affected plugin endpoint, bypassing intended privilege checks. No authentication is required, making the attack surface wide for any site running the vulnerable plugin version [1].
Successful exploitation allows an attacker to execute certain higher-privileged actions without authorization. According to the reference, vulnerabilities like this are commonly used in mass-exploit campaigns to target thousands of websites simultaneously, regardless of site popularity or traffic [1].
The plugin vendor has patched this issue in a later release; users are strongly advised to update to the latest version immediately. If updating is not possible, consulting a hosting provider or web developer for mitigation assistance is recommended [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.