CVE-2025-47526
Description
Missing Authorization vulnerability in GS Plugins GS Variation Swatches for WooCommerce gs-woo-variation-swatches allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Variation Swatches for WooCommerce: from n/a through <= 3.0.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization vulnerability in GS Variation Swatches for WooCommerce plugin allows unprivileged users to exploit incorrectly configured access control.
The GS Variation Swatches for WooCommerce plugin suffers from a missing authorization vulnerability that allows incorrect access control security levels to be exploited. The plugin lacks proper authorization checks on certain functions, enabling unauthenticated or low-privileged users to perform actions intended for higher-privileged roles [1].
Attackers can exploit this vulnerability without requiring authentication by sending crafted requests to affected endpoints. This vulnerability is known to be used in mass-exploit campaigns, where attackers target thousands of websites regardless of their size or popularity [1].
Successful exploitation could allow an attacker to modify product variation settings, access sensitive data, or execute other unauthorized actions within the WooCommerce environment. The impact is considered medium severity with a CVSS score of 5.4 [1].
The vulnerability has been patched in version 3.0.5 of the plugin. Users are strongly advised to update to this version or later to mitigate the risk. For sites unable to update immediately, consulting a web developer or hosting provider for assistance is recommended [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.