CVE-2026-42664
Motive · AI Product Search for WooCommerce
An unauthenticated broken access control vulnerability exists in the AI Product Search for WooCommerce plugin, allowing unauthorized access to restricted search functionalities.
Executive summary
The AI Product Search for WooCommerce plugin is vulnerable to an unauthenticated broken access control flaw that could allow unauthorized users to manipulate search configurations or access restricted data.
Vulnerability
This is a broken access control vulnerability occurring within the plugin's search implementation. Because the flaw is unauthenticated, a remote attacker can interact with vulnerable functions without requiring any valid user credentials.
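The advisory does not publish the plugin's code, so the following is an added illustration of the vulnerability class rather than the plugin's own implementation: a WordPress REST route that exposes a search-settings write without any access check, next to the hardened form that requires an authenticated user holding the WooCommerce shop-manager capability. The namespace `example-search/v1`, the option key `example_search_query_limit` and the function names are hypothetical.

```php
<?php
// Added example, not code from the AI Product Search for WooCommerce plugin.
// Route namespace, option key and function names are hypothetical.

// Weak pattern: any request, authenticated or not, may change plugin settings.
// Shown for contrast only; this function is deliberately never hooked.
function example_search_register_weak_route() {
    register_rest_route( 'example-search/v1', '/settings', array(
        'methods'             => 'POST',
        'callback'            => 'example_search_save_settings',
        'permission_callback' => '__return_true', // no access control at all
    ) );
}

// Hardened pattern: the same route, restricted to users allowed to manage the shop.
function example_search_register_hardened_route() {
    register_rest_route( 'example-search/v1', '/settings', array(
        'methods'             => 'POST',
        'callback'            => 'example_search_save_settings',
        'permission_callback' => function ( WP_REST_Request $request ) {
            // Anonymous requests have no capabilities, so this rejects them;
            // logged-in users without manage_woocommerce are rejected too.
            if ( ! current_user_can( 'manage_woocommerce' ) ) {
                return new WP_Error(
                    'rest_forbidden',
                    'You are not allowed to change search settings.',
                    array( 'status' => rest_authorization_required_code() )
                );
            }
            return true;
        },
        // Validate and sanitize the input in addition to checking who sent it.
        'args' => array(
            'query_limit' => array(
                'required'          => true,
                'type'              => 'integer',
                'minimum'           => 1,
                'maximum'           => 100,
                'sanitize_callback' => 'absint',
            ),
        ),
    ) );
}
add_action( 'rest_api_init', 'example_search_register_hardened_route' );

// Shared handler: only reached after the permission callback has returned true.
function example_search_save_settings( WP_REST_Request $request ) {
    $limit = absint( $request->get_param( 'query_limit' ) );
    update_option( 'example_search_query_limit', $limit );
    return rest_ensure_response( array( 'saved' => true, 'query_limit' => $limit ) );
}
```

The same capability check belongs in any `wp_ajax_` handler the plugin exposes, and state-changing actions should not be registered under `wp_ajax_nopriv_` hooks, which WordPress serves to unauthenticated visitors. For cookie-authenticated REST callers, WordPress only populates the current user when the request carries a valid `X-WP-Nonce` header, so the capability check and the nonce work together rather than as alternatives.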
Business impact
Exploitation of this vulnerability poses a significant risk to data integrity and internal site operations. With a CVSS score of 8.2 (High), this flaw could allow unauthorized actors to exfiltrate proprietary product data or manipulate search results to facilitate phishing or traffic redirection, leading to potential reputational damage and loss of consumer trust.
Remediation
Immediate Action: Determine whether the plugin is currently installed and update to the latest patched version provided by Motive as soon as it becomes available.
Proactive Monitoring: Review web server and application access logs for unusual request patterns, specifically targeting search-related API endpoints or unexpected query strings.
Compensating Controls: Deploy a Web Application Firewall (WAF) with rules configured to block suspicious or unauthorized requests directed at plugin-specific search endpoints.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the High severity of this vulnerability and the lack of required authentication for exploitation, immediate action is required. Organizations utilizing the AI Product Search for WooCommerce plugin should prioritize testing and applying the vendor's security update as soon as it is released. Until a patch is applied, ensure that access to the affected site is strictly monitored and that WAF rules are tuned to mitigate unauthorized search-related requests.