A critical broken access control vulnerability in the Stylish Cost Calculator plugin allows unauthenticated attackers to bypass security restrictions, posing a significant risk of unauthorized system interaction.

This vulnerability is a broken access control flaw that permits unauthenticated actors to interact with protected plugin functions. The lack of proper authorization checks allows attackers to manipulate cost calculation settings or perform unauthorized operations without a valid session.

Successful exploitation of this vulnerability could lead to unauthorized modification of pricing data, potential financial discrepancies, or the exposure of internal configuration details. Given the CVSS score of 7.5, this high-severity flaw represents a significant risk to the integrity and availability of e-commerce operations, potentially resulting in direct financial loss or reputational damage.

Immediate Action: Update the Stylish Cost Calculator plugin to the latest version as provided by the vendor to remediate the access control flaw.

Proactive Monitoring: Review web server access logs for anomalous, unauthorized requests targeting the plugin’s specific functional endpoints.

Compensating Controls: Implement a Web Application Firewall (WAF) rule to block suspicious requests that attempt to access plugin configuration pages without proper authentication.

Public Exploit Available: false

Organizations utilizing this plugin must prioritize patching immediately. The ability for unauthenticated users to bypass access controls necessitates an urgent response to prevent potential data manipulation or service disruption. Ensure that all plugin updates are tested in a staging environment before deployment to production systems.