The SimpleShop plugin for WordPress contains a missing authorization vulnerability (CWE-862) in the maybe_disconnect_simpleshop function. This flaw allows unauthenticated attackers to disconnect the SimpleShop service because the function lacks proper capability checks. The vulnerability affects all versions up to 2.10.2. The CVSS 3.1 base score is 5.3, reflecting network attack vector, low attack complexity, no privileges required, no user interaction, and impact limited to integrity loss.

An attacker without authentication can disconnect the SimpleShop plugin from its service, causing unauthorized disruption of the plugin's operation. There is no direct impact on confidentiality or availability, but the integrity of the plugin's connection state is compromised. No known exploits are reported in the wild at this time.

Patch status is not yet confirmed as no official patch or vendor advisory is provided. Users should monitor the vendor's official channels for updates or patches addressing this vulnerability. Until a fix is available, consider restricting access to the affected functionality or disabling the plugin if feasible to prevent exploitation.