Access Control Misconfiguration in WPFactory EAN for WooCommerce
CVE-2025-22673

4.3MEDIUM

Key Information:

Vendor: WPfactory
Status: Ean For WooCommerce
Vendor: CVE Published:; 27 March 2025

What is CVE-2025-22673?

The vulnerability in WPFactory EAN for WooCommerce stems from a missing authorization feature that leads to improperly configured access control security levels. This flaw potentially grants unauthorized users access to restricted functionalities, posing a significant risk for online merchants utilizing this plugin. Users are urged to update to the latest versions to mitigate the chances of exploitation.

Affected Version(s)

EAN for WooCommerce <= 5.3.5

References

https://patchstack.com/database/wordpress/plugin/ean-for-...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 27, 2025
Vulnerability Reserved
Jan 7, 2025

Credit

Peter Thaleikis (Patchstack Alliance)