CVE-2025-39571
Description
Missing authorization in WowStore plugin ≤4.2.4 allows unauthorized access to product blocks functionality.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The WPXPO WowStore plugin (product-blocks) for WordPress has a Missing Authorization vulnerability. It affects versions up to and including 4.2.4, where improperly configured access controls fail to enforce capability checks for certain product block operations [1].
Exploitation
An attacker with low-level privileges (e.g., subscriber role) can exploit this by sending HTTP requests to the vulnerable endpoints without proper authorization. No user interaction or elevated privileges are required.
Impact
Successful exploitation enables unauthorized access to product block settings and potentially other administrative capabilities, leading to information disclosure or unauthorized modification of WooCommerce product displays.
Mitigation
The affected version range ends at 4.2.4. Users should update to the latest version available from the WordPress plugin repository (currently 4.4.15 as per the reference [1]). No specific fix version is disclosed in the available references.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.