This vulnerability (CWE-862) in the Order Limit for WooCommerce plugin by Xfinity Soft involves missing authorization checks, which means that certain operations can be performed without proper permission validation. The affected versions include all versions up to 2.0.0. The CVSS 3.1 base score is 6.5, with network attack vector, low attack complexity, no privileges required, no user interaction, unchanged scope, no confidentiality impact, low integrity impact, and low availability impact. The lack of authorization could allow unauthorized users to manipulate order limits or related functionality within WooCommerce installations using this plugin.

The impact is limited to integrity and availability, as unauthorized users may be able to alter order limits or related settings, potentially disrupting normal e-commerce operations. There is no confidentiality impact reported. The medium severity rating reflects the potential for misuse without requiring privileges or user interaction.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should monitor updates from Xfinity Soft and consider restricting access to the plugin's administrative functions as a temporary mitigation.