This vulnerability in WooCommerce PDF Vouchers arises from missing authorization checks, allowing attackers to access functionality without proper ACL enforcement. The issue affects all versions up to 4.9.4. The CVSS 3.1 vector indicates the attack can be performed remotely without authentication or user interaction, potentially leading to partial confidentiality, integrity, and availability impacts. No vendor advisory or patch information is currently available, and the plugin is not a cloud service, so remediation depends on vendor updates.

An attacker can remotely exploit this vulnerability without authentication or user interaction to access or manipulate functionality that should be restricted. This can lead to partial loss of confidentiality, integrity, and availability within the affected WooCommerce PDF Vouchers plugin environment. The exact impact depends on the specific functionality accessed but is considered high severity based on the CVSS score.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should monitor for updates from WPWeb Elite and consider restricting access to the affected plugin functionality where possible. No official mitigation or temporary fix is currently documented.