{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31921", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-03-10T10:59:45.899Z", "datePublished": "2026-03-25T16:14:57.217Z", "dateUpdated": "2026-03-25T16:14:57.217Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "products-rearrange-woocommerce", "product": "Product Rearrange for WooCommerce", "vendor": "Devteam HaywoodTech", "versions": [{"lessThanOrEqual": "<= 1.2.2", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "hivesec | Patchstack Bug Bounty Program"}], "datePublic": "2026-03-25T17:12:36.365Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Product Rearrange for WooCommerce: from n/a through <= 1.2.2.</p>"}], "value": "Missing Authorization vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Rearrange for WooCommerce: from n/a through <= 1.2.2."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-25T16:14:57.217Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/products-rearrange-woocommerce/vulnerability/wordpress-product-rearrange-for-woocommerce-plugin-1-2-2-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Product Rearrange for WooCommerce plugin <= 1.2.2 - Broken Access Control vulnerability"}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Rearrange for WooCommerce: from n/a through <= 1.2.2."}], "id": "CVE-2026-31921", "lastModified": "2026-03-25T17:16:58.913", "metrics": {}, "published": "2026-03-25T17:16:58.913", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/products-rearrange-woocommerce/vulnerability/wordpress-product-rearrange-for-woocommerce-plugin-1-2-2-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-25T18:38:49.984544+00:00", "value": {"mitigation_remediation": ["Upgrade Product Rearrange for WooCommerce to version 1.2.3 or later", "Verify that the installed plugin version is no longer affected", "If an update is not immediately possible, disable or remove the plugin to eliminate the attack surface", "Review WooCommerce user roles to ensure only administrators have permission to manage products"], "summary": {"action": "Immediate patch", "impact": "Unauthorized access to protected plugin features"}, "threat_synthesis": {"affected_systems": "The flaw affects Devteam HaywoodTech\u2019s Product Rearrange for WooCommerce plugin from all earlier releases through version 1.2.2. Anyone using a vulnerable instance of the plugin, regardless of their specific WooCommerce configuration, is potentially impacted.", "description_and_impact": "The vulnerability is a missing authorization flaw in the Product Rearrange for WooCommerce plugin that allows attackers to bypass intended access controls. This enables unauthorized modification or rearrangement of WooCommerce products, potentially altering pricing, display order, or affecting customer experience. The weakness stems from improperly configured security levels that do not enforce proper role checks before executing critical functions.", "risk_and_exploitability": "EPSS data is not available and the vulnerability is not listed in the KEV catalog, but the absence of authorization checks suggests a high likelihood of exploitation over the web. Attackers can likely trigger the vulnerable functions by sending crafted HTTP requests to the plugin\u2019s endpoints; authenticated or unauthenticated users with basic access may be able to invoke the affected actions. Failure to patch could lead to unauthorized product changes, data tampering, and increased exposure to further attacks."}}}}, "created": "2026-03-25T21:43:46.252739+00:00", "updated": "2026-03-25T21:43:46.252781+00:00", "vendors": []}