Vulnerabilities > CVE-2025-46244 - Missing Authorization vulnerability in Multidots Advanced Linked Variations for Woocommerce

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

multidots

CWE-862

critical

NVD

Published: 2025-04-22

Updated: 2025-04-29

Summary

Missing Authorization vulnerability in Dotstore Advanced Linked Variations for Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Linked Variations for Woocommerce: from n/a through 1.0.3.

Vulnerable Configurations

Part	Description	Count
Application	Multidots Multidots Advanced Linked Variations FOR Woocommerce - Multidots Advanced Linked Variations FOR Woocommerce 1.0.0 Multidots Advanced Linked Variations FOR Woocommerce 1.0.1 Multidots Advanced Linked Variations FOR Woocommerce 1.0.2 Multidots Advanced Linked Variations FOR Woocommerce 1.0.3	5

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://patchstack.com/database/wordpress/plugin/linked-variation/vulnerability/wordpress-advanced-linked-variations-for-woocommerce-1-0-3-broken-access-control-vulnerability?_s_id=cve