CVE-2025-23991 identifies a missing authorization vulnerability in the Dotstore Product Size Charts Plugin for WooCommerce, specifically affecting versions up to and including 2.4.5. The vulnerability arises because the plugin fails to properly enforce authorization checks on certain operations related to product size charts. This means that an attacker can potentially access or modify size chart data without being authenticated or authorized, leading to unauthorized data exposure or manipulation. The plugin is widely used by WooCommerce-based e-commerce websites to provide customers with size chart information for products. Since WooCommerce is a popular e-commerce platform with a large global user base, this vulnerability could affect many online stores. The lack of a CVSS score indicates that the vulnerability is newly disclosed and not yet fully assessed. No known exploits have been reported in the wild, but the missing authorization flaw inherently presents a significant risk. The vulnerability does not require user interaction but does require the attacker to send crafted requests to the affected plugin endpoints. The absence of patch links suggests that a fix may not yet be publicly available, increasing the urgency for mitigation through alternative means such as access restrictions or monitoring.

The primary impact of this vulnerability is unauthorized access and potential modification of product size chart data within WooCommerce stores using the affected plugin. This can lead to misinformation presented to customers, damaging brand reputation and customer trust. In some cases, attackers might manipulate size charts to cause confusion or disrupt sales processes. Although this vulnerability does not directly expose sensitive customer data or payment information, the integrity and availability of product information are critical for e-commerce operations. Exploitation could also serve as a foothold for further attacks if combined with other vulnerabilities. Organizations worldwide running WooCommerce with this plugin are at risk, especially those that rely heavily on accurate product sizing for customer satisfaction and returns management. The lack of authentication requirements lowers the barrier for exploitation, increasing the threat level. The overall business impact includes potential revenue loss, increased customer service costs, and reputational damage.

1. Monitor official Dotstore and WooCommerce channels for patches addressing CVE-2025-23991 and apply them promptly once released. 2. Until patches are available, restrict access to plugin endpoints by implementing web application firewall (WAF) rules that block unauthorized requests targeting size chart management URLs. 3. Limit administrative access to trusted users only and enforce strong authentication mechanisms for backend access. 4. Conduct regular audits of plugin configurations and size chart data integrity to detect unauthorized changes early. 5. Employ network segmentation to isolate e-commerce management interfaces from public-facing systems where feasible. 6. Use security plugins or monitoring tools that can detect anomalous requests or unauthorized access attempts to WooCommerce plugins. 7. Educate site administrators about the risks of missing authorization vulnerabilities and encourage adherence to the principle of least privilege for user roles. 8. Consider temporarily disabling the affected plugin if size chart functionality is not critical, until a secure version is available.