Unity Business Technology The E-Commerce ERP Broken Access Control Vulnerability

A broken access control vulnerability has been identified in the WordPress plugin The E-Commerce ERP, affecting versions through 2.1.1.3. This vulnerability allows users to access functionalities that are not properly restricted by access control lists (ACLs), potentially leading to unauthorized actions or data exposure.

Impact

Exploitation of this vulnerability could allow unauthorized users to perform actions or access data that should be restricted, due to the lack of proper authorization checks in the affected plugin.

Remediation

Users of the WordPress The E-Commerce ERP plugin are advised to update to a version later than 2.1.1.3, as no official fix is currently available. However, Patchstack offers a virtual patch that can be applied to mitigate this vulnerability until an official update can be safely implemented.