CVE-2025-22318
Published: 21 January 2025
Description
Missing Authorization vulnerability in enituretechnology Standard Box Sizes – for WooCommerce standard-box-sizes.This issue affects Standard Box Sizes – for WooCommerce: from n/a through <= 1.6.13.
Security Summary
CVE-2025-22318 is a Missing Authorization vulnerability (CWE-862) in the Standard Box Sizes for WooCommerce plugin developed by enituretechnology. This issue affects the standard-box-sizes plugin for WordPress from unknown initial versions (n/a) through version 1.6.13. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N), reflecting high severity due to its network accessibility and integrity impact.
An unauthenticated attacker can exploit this vulnerability remotely over the network with low attack complexity and no requirement for user interaction. Exploitation bypasses authorization controls, enabling the attacker to perform unauthorized actions that compromise data integrity, such as modifying plugin-related configurations or resources within a vulnerable WordPress site running the affected plugin version.
The Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/standard-box-sizes/vulnerability/wordpress-standard-box-sizes-plugin-1-6-12-broken-access-control-vulnerability?_s_id=cve documents the vulnerability, referring to it as a broken access control issue in version 1.6.12 and providing details relevant to mitigation for affected installations.
Details
- CWE(s)