This vulnerability in WooCommerce Conversion Tracking by weDevs is classified as Missing Authorization (CWE-862). It affects versions up to 2.0.11 and allows users with some privileges to bypass authorization checks, potentially modifying data or performing actions they should not be permitted to. The CVSS 3.1 base score is 4.3 (medium), reflecting network attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, no confidentiality or availability impact, and limited integrity impact. No patch or official remediation level has been disclosed by the vendor as of the publication date.

The vulnerability allows unauthorized actions that may affect data integrity within the WooCommerce Conversion Tracking plugin. There is no impact on confidentiality or availability. The medium severity score reflects the limited scope and privileges required for exploitation. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, review user privileges carefully and restrict access to trusted users only. Monitor for updates from weDevs regarding patches or official mitigations.