CVE-2025-68993
Description
Missing Authorization vulnerability in XforWooCommerce Share, Print and PDF Products for WooCommerce share-print-pdf-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Share, Print and PDF Products for WooCommerce: from n/a through <= 3.1.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization in Share, Print and PDF Products for WooCommerce (≤3.1.2) allows unauthenticated attackers to exploit incorrectly configured access controls.
The Share, Print and PDF Products for WooCommerce plugin (versions up to and including 3.1.2) contains a missing authorization vulnerability. The root cause is a broken access control issue where the plugin fails to properly verify user permissions or enforce access rights for certain functions, allowing unprivileged users to perform actions intended for higher-privileged roles [1].
Exploitation requires an authenticated user account, but no special privileges are needed. The vulnerability is triggered by sending crafted requests to the plugin's endpoints that lack proper nonce or capability checks. This type of flaw is commonly targeted in mass-exploit campaigns against WordPress sites [1].
An attacker who successfully exploits this vulnerability can execute higher-privileged actions, such as modifying plugin settings or accessing restricted features, without authorization. The impact is limited to the specific functions exposed, but the lack of access control can lead to unauthorized data exposure or configuration changes [1].
As an immediate mitigation, users should update the plugin to a patched version if one is available. If an update is not possible, site administrators should consult their hosting provider or web developer to apply workarounds, such as restricting access to the plugin's endpoints via server-level rules [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=3.1.2
- Range: <=3.1.2
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.