CVE-2025-31854
Description
Simple Sticky Add To Cart For WooCommerce versions up to 1.4.9 have a missing authorization vulnerability that allows exploiting incorrectly configured access control security levels.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Simple Sticky Add To Cart For WooCommerce plugin for WordPress (versions through 1.4.9) is vulnerable to a Missing Authorization weakness. The plugin fails to properly check access control security levels before performing certain actions, allowing exploitation of incorrectly configured access control [1]. This issue affects all versions from n/a through 1.4.9.
Exploitation
An attacker needs no authentication or special privileges to exploit this vulnerability. By sending crafted requests, an attacker can leverage the missing authorization checks to perform actions that should require higher privileges [1]. The exact sequence of steps is not detailed in the available references, but the vulnerability is classified as an Exploiting Incorrectly Configured Access Control Security Levels issue.
Impact
Successful exploitation allows an attacker to bypass access controls and perform unauthorized actions within the plugin's context [1]. The specific impacts depend on the exact unprotected functionality but could include unauthorized modification of plugin settings or other improper operations. The vulnerability has a CVSS v3 base score of 4.3 (Medium severity).
Mitigation
Not yet disclosed in the available references. No fixed version has been announced as of the publication date (2025-04-01) [1]. Users should monitor the plugin's update channel for a patched release.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=1.4.9
- Range: <=1.4.9
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.