{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25443", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-02-02T12:53:40.964Z", "datePublished": "2026-03-19T08:36:32.093Z", "dateUpdated": "2026-04-01T16:00:42.646Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers", "product": "Fraud Prevention For Woocommerce", "vendor": "Dotstore", "versions": [{"changes": [{"at": "2.3.4", "status": "unaffected"}], "lessThanOrEqual": "2.3.3", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Jarno Vos (jrn5151) | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:43:54.809Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Fraud Prevention For Woocommerce: from n/a through <= 2.3.3.</p>"}], "value": "Missing Authorization vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fraud Prevention For Woocommerce: from n/a through <= 2.3.3."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-01T16:00:42.646Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/vulnerability/wordpress-fraud-prevention-for-woocommerce-plugin-2-3-2-arbitrary-content-deletion-vulnerability?_s_id=cve"}], "title": "WordPress Fraud Prevention For Woocommerce plugin <= 2.3.3 - Arbitrary Content Deletion vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-19T13:56:26.700948Z", "id": "CVE-2026-25443", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T13:56:58.719Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25443", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-19T13:56:26.700948Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T13:56:51.306Z"}}], "cna": {"tags": ["x_open-source"], "title": "WordPress Fraud Prevention For Woocommerce plugin <= 2.3.3 - Arbitrary Content Deletion vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Jarno Vos (jrn5151) | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dotstore", "product": "Fraud Prevention For Woocommerce", "versions": [{"status": "affected", "version": "n/a", "versionType": "custom", "lessThanOrEqual": "2.3.3"}], "packageName": "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/vulnerability/wordpress-fraud-prevention-for-woocommerce-plugin-2-3-2-arbitrary-content-deletion-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Dotstore Fraud Prevention For Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fraud Prevention For Woocommerce: from n/a through 2.3.3.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in Dotstore Fraud Prevention For Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Fraud Prevention For Woocommerce: from n/a through 2.3.3.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-19T08:36:32.093Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25443", "state": "PUBLISHED", "dateUpdated": "2026-03-19T13:56:58.719Z", "dateReserved": "2026-02-02T12:53:40.964Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-19T08:36:32.093Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fraud Prevention For Woocommerce: from n/a through <= 2.3.3."}, {"lang": "es", "value": "Vulnerabilidad de Autorizaci\u00f3n Faltante en Dotstore Fraud Prevention For Woocommerce permite la Explotaci\u00f3n de Niveles de Seguridad de Control de Acceso Incorrectamente Configurados. Este problema afecta a Fraud Prevention For Woocommerce: desde n/a hasta 2.3.3."}], "id": "CVE-2026-25443", "lastModified": "2026-04-01T17:28:35.900", "metrics": {}, "published": "2026-03-19T09:16:17.453", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/vulnerability/wordpress-fraud-prevention-for-woocommerce-plugin-2-3-2-arbitrary-content-deletion-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.3.3]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Fraud Prevention For Woocommerce", "source": "cna", "vendor": "Dotstore"}, "product": "fraud_prevention_for_woocommerce", "vendor": "dotstore"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-19T09:21:31.579227+00:00", "value": {"mitigation_remediation": ["Upgrade Dotstore Fraud Prevention For Woocommerce to the latest available version (2.3.4 or later) to eliminate the flaw.", "If an upgrade is not immediately possible, consider deactivating or uninstalling the plugin until a patch is applied.", "Ensure that only trusted administrator roles have access to the plugin\u2019s settings and that user roles are correctly configured.", "Regularly review site logs for unexpected content deletion events."], "summary": {"action": "Apply Patch", "impact": "Arbitrary Content Deletion"}, "threat_synthesis": {"affected_systems": "Dotstore Fraud Prevention For Woocommerce plugin, versions from the earliest released package through 2.3.3, are affected. Any site that has installed a vulnerable version of the plugin is at risk.", "description_and_impact": "The vulnerability is a missing authorization flaw that allows an attacker to delete arbitrary content from the WordPress site. Because access control levels are incorrectly configured, malicious actors can instruct the plugin to remove posts, pages, or other data. The impact is a loss of data integrity and potential disruption of site functionality, classified as a high\u2011impact content deletion weakness (CWE\u2011862).", "risk_and_exploitability": "The CVSS score of 7.5 indicates a high severity. The EPSS score is not available, and the vulnerability is currently not listed in the CISA KEV catalog. Because the flaw is a missing authorization condition, the required prerequisite appears to be an authenticated access that is not properly checked; the exact attack vector is not detailed in the vendor description, so it is inferred that an attacker who can reach the plugin\u2019s endpoints\u2014either via an authenticated session or through an exposed API\u2014could exploit the weakness. Given the severity and lack of mitigations in the vendor\u2019s documentation, the risk of exploitation remains significant."}}}}, "created": "2026-03-20T08:57:04.074837+00:00", "updated": "2026-03-20T14:15:18.459517+00:00", "vendors": ["dotstore", "dotstore$PRODUCT$fraud_prevention_for_woocommerce", "wordpress", "wordpress$PRODUCT$wordpress"]}