CVE-2026-56061
Swings · Subscriptions for WooCommerce
The Subscriptions for WooCommerce plugin contains an unauthenticated broken access control vulnerability, allowing unauthorized access to restricted subscription data.
Executive summary
A high-severity broken access control vulnerability in the Subscriptions for WooCommerce plugin allows unauthenticated attackers to bypass security restrictions and potentially access sensitive subscription data.
Vulnerability
This is a broken access control vulnerability that does not require authentication. An attacker can exploit this flaw to perform unauthorized actions or access data that should be restricted to authorized users.
Business impact
Exploitation of this vulnerability could lead to unauthorized exposure of customer subscription information, affecting data privacy and regulatory compliance. Given the CVSS score of 7.5, the risk of unauthorized data access is significant and could result in reputational damage and loss of customer trust.
Remediation
Immediate Action: Verify whether your installed plugin version is affected and apply the security update provided by the vendor immediately.
Proactive Monitoring: Review web server and application access logs for unusual patterns or requests targeting subscription-related endpoints.
Compensating Controls: Until the patch can be applied, implement a Web Application Firewall (WAF) rule to block suspicious requests targeting plugin-specific paths.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the unauthenticated nature of this vulnerability, immediate action is required to secure affected installations. Administrators should prioritize updating the plugin to the latest version and auditing logs to ensure no unauthorized access has already occurred.