CVE-2025-31830
Description
A missing authorization vulnerability in Printus Cloud Printing for WooCommerce up to v1.2.6 allows unauthorized users to exploit incorrectly configured access controls.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A missing authorization vulnerability exists in the Printus plugin for WooCommerce (printus-cloud-printing-for-woocommerce) in versions up to and including 1.2.6. The plugin fails to properly enforce access control checks on certain endpoints or actions, allowing users with insufficient privileges to access restricted functionality.
Exploitation
An attacker who is authenticated as a low-privileged user (e.g., subscriber or customer) can exploit this by directly calling the vulnerable endpoints or performing actions that should be limited to higher roles such as shop managers or administrators. No special network position is required; the attacker only needs access to the WordPress site.
Impact
Successful exploitation allows the attacker to perform unauthorized actions, such as printing orders, viewing sensitive order data, or modifying print settings. This could lead to information disclosure of customer details and order contents, as well as potential disruption of normal printing operations.
Mitigation
The vulnerability is fixed in version 2.0.3 of Printus, as indicated in the WordPress plugin repository [1]. Users are strongly advised to update to this version immediately. If updating is not possible, consider restricting access to the plugin's functionality via role management or other security plugins until an upgrade can be performed.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=1.2.6
- Range: <=1.2.6
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.