Description
The Ni WooCommerce Customer Product Report plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ni_woocpr_action() function in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin settings.
Problem types
Product status
*
Timeline
2025-08-22: Disclosed
Credits
ch4r0n
References
www.wordfence.com/...-9d31-482a-92b9-b1e8201d45f1?source=cve
wordpress.org/...ins/ni-woocommerce-customer-product-report/