CVE-2025-29001: 
WordPress vulnerability analysis and mitigation

CVE-2025-29001 is a Missing Authorization vulnerability discovered in ZoomIt WooCommerce Shop Page Builder that allows exploiting incorrectly configured access control security levels. The vulnerability affects WooCommerce Shop Page Builder versions through 2.27.7. The issue was disclosed on July 4, 2025 (NVD, Patchstack).

The vulnerability is classified as a broken access control issue, which refers to a missing authorization, authentication, or nonce token check in a function that could allow an unprivileged user to execute certain higher privileged actions. The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N. The weakness is categorized as CWE-862 (Missing Authorization) (Patchstack).

The vulnerability has a low severity impact and is considered unlikely to be exploited. It requires subscriber-level privileges to exploit, potentially allowing unprivileged users to perform actions that should be restricted to users with higher privileges (Patchstack).

As of the disclosure date, no official fix is available for this vulnerability. The issue affects versions through 2.27.7, and no patched version has been released (Patchstack).