CVE-2025-50008: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability (CVE-2025-50008) was discovered in the WooCommerce Manager plugin for WordPress, affecting versions through 1.2.4.5. The vulnerability was reported on May 20, 2025, and publicly disclosed on June 19, 2025. This security issue impacts the plugin's functionality related to cart page customization, Add to Cart button, and checkout fields (Wiz, NVD).

The vulnerability is classified as a Missing Authorization (CWE-862) issue that allows exploiting incorrectly configured access control security levels. The CVSS v3.1 base score is 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L (NVD, Patchstack).

The vulnerability could allow unprivileged users to execute certain higher privileged actions due to broken access control mechanisms. The impact is considered low to medium severity, primarily affecting the integrity and availability of the system (Patchstack).

No official fix is available for this vulnerability. The recommended mitigation is to remove and replace the software with an alternative solution, as the plugin is considered abandoned and unlikely to receive further updates or security fixes (Patchstack).