{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-62091", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-10-07T15:34:56.057Z", "datePublished": "2025-12-31T14:19:32.045Z", "dateUpdated": "2025-12-31T14:19:32.045Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "serial-codes-generator-and-validator", "product": "Serial Codes Generator and Validator with WooCommerce Support", "vendor": "Vollstart", "versions": [{"lessThanOrEqual": "2.8.2", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Jitlada | Patchstack Bug Bounty Program"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in Vollstart Serial Codes Generator and Validator with WooCommerce Support allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Serial Codes Generator and Validator with WooCommerce Support: from n/a through 2.8.2.</p>"}], "value": "Missing Authorization vulnerability in Vollstart Serial Codes Generator and Validator with WooCommerce Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serial Codes Generator and Validator with WooCommerce Support: from n/a through 2.8.2."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-12-31T14:19:32.045Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://vdp.patchstack.com/database/wordpress/plugin/serial-codes-generator-and-validator/vulnerability/wordpress-serial-codes-generator-and-validator-with-woocommerce-support-plugin-2-8-2-broken-access-control-vulnerability?_s_id=cve"}], "source": {"discovery": "EXTERNAL"}, "tags": ["x_open-source"], "title": "WordPress Serial Codes Generator and Validator with WooCommerce Support plugin <= 2.8.2 - Broken Access Control vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Vollstart Serial Codes Generator and Validator with WooCommerce Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serial Codes Generator and Validator with WooCommerce Support: from n/a through 2.8.2."}], "id": "CVE-2025-62091", "lastModified": "2025-12-31T15:15:52.300", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2025-12-31T15:15:52.300", "references": [{"source": "audit@patchstack.com", "url": "https://vdp.patchstack.com/database/wordpress/plugin/serial-codes-generator-and-validator/vulnerability/wordpress-serial-codes-generator-and-validator-with-woocommerce-support-plugin-2-8-2-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}

{}