This vulnerability (CWE-862) in TrackShip for WooCommerce involves missing authorization checks, which means that certain operations can be performed without verifying the user's permissions. The affected versions include all versions up to 1.7.5. The CVSS 3.1 base score is 5.3, reflecting a network attack vector with low complexity and no privileges or user interaction required, but with limited impact on integrity and no impact on confidentiality or availability. No vendor advisory or patch is currently available, and the product is not a cloud service, so remediation depends on vendor updates.

An attacker can exploit this missing authorization vulnerability to perform unauthorized actions that may alter data or application state, impacting data integrity. There is no impact on confidentiality or availability reported. The medium severity score reflects the potential for limited but meaningful unauthorized modifications within the affected WooCommerce plugin environment.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should monitor official TrackShip communications for updates. No official workaround or temporary fix has been published. Applying the principle of least privilege to user roles in WooCommerce may reduce risk but does not fully mitigate the vulnerability.