CVE-2025-66122: Missing Authorization in Design Stylish Price List
CVE-2025-66122 is a medium severity vulnerability in the Design Stylish Price List plugin, affecting versions up to 7.2.2. It involves missing authorization checks that allow attackers with low privileges to access or modify data beyond their intended permissions without user interaction. The vulnerability impacts confidentiality and integrity but does not affect availability. Exploitation requires network access and low privileges but no user interaction. There are currently no known exploits in the wild, and no patches have been published yet. European organizations using this plugin, especially in e-commerce or pricing management, could face unauthorized data exposure or manipulation. Mitigation involves implementing strict access control policies, monitoring for unusual access patterns, and applying vendor patches once available. Countries with significant e-commerce sectors and high adoption of this plugin, such as Germany, the UK, and France, are more likely to be affected.
AI Analysis
Technical Summary
CVE-2025-66122 is a missing authorization vulnerability identified in the Design Stylish Price List plugin, affecting all versions up to and including 7.2.2. The vulnerability arises from incorrectly configured access control security levels, allowing attackers with low privileges (PR:L) to perform unauthorized actions over the network (AV:N) without requiring user interaction (UI:N). The scope of the vulnerability is unchanged (S:U), meaning the impact is limited to the affected component. The CVSS vector indicates that the vulnerability impacts confidentiality and integrity (C:L/I:L) but does not affect availability (A:N). This means an attacker can potentially read or modify sensitive pricing data or configurations that should be restricted, leading to data leakage or unauthorized changes. The vulnerability does not require elevated privileges beyond low-level access, increasing the risk of exploitation by insiders or compromised low-privilege accounts. No known exploits are currently reported in the wild, and no official patches have been released as of the publication date. The vulnerability is significant for organizations relying on the Stylish Price List plugin for pricing management or e-commerce operations, as unauthorized access could lead to competitive disadvantage or regulatory compliance issues.
Potential Impact
For European organizations, the missing authorization vulnerability could lead to unauthorized disclosure or modification of pricing data, impacting business confidentiality and data integrity. This could result in financial losses, reputational damage, and potential regulatory penalties under GDPR if personal or sensitive data is involved. E-commerce platforms and businesses using the Stylish Price List plugin may face risks of pricing manipulation, which could disrupt sales strategies or customer trust. The lack of availability impact means service disruption is unlikely, but the integrity and confidentiality breaches alone can have serious consequences. Attackers exploiting this vulnerability could gain insights into pricing strategies or alter price listings, affecting competitive positioning. The medium severity suggests a moderate but actionable risk, especially in sectors with high reliance on accurate pricing data such as retail, wholesale, and manufacturing within Europe.
Mitigation Recommendations
European organizations should immediately review access control configurations for the Stylish Price List plugin to ensure strict authorization checks are enforced. Limit plugin access to only necessary users with appropriate privilege levels and monitor logs for unusual access patterns or unauthorized changes. Implement network segmentation to restrict access to the plugin’s management interfaces. Regularly audit user permissions and remove unnecessary accounts or privileges. Stay informed about vendor updates and apply patches promptly once available. Consider deploying web application firewalls (WAFs) with rules to detect and block unauthorized access attempts targeting the plugin. Conduct internal penetration testing focusing on access control weaknesses in the plugin environment. Additionally, educate administrators and users about the risks of privilege misuse and enforce strong authentication mechanisms to reduce the risk of compromised low-privilege accounts.
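The following is an added example, not code from the Stylish Price List plugin or from Patchstack. It assumes the plugin is a WordPress plugin (the page names a plugin and the Patchstack assigner but does not state the platform) and uses hypothetical function and option names prefixed `spl_demo_`. It shows the missing-authorization pattern the summary describes (a handler any logged-in user can reach) next to the hardened form a reviewer would expect: a nonce check against CSRF plus a capability check that actually enforces authorization, on both the write path (I:L) and the read path (C:L).

```php
<?php
// Added example, not the plugin's code. Assumes a WordPress plugin; all
// spl_demo_* names are hypothetical.

// --- Vulnerable pattern: an authenticated AJAX handler with no authorization check.
// WordPress exposes wp_ajax_* hooks to every logged-in user, so without a
// capability check a low-privilege account (e.g. Subscriber) can overwrite a price.
function spl_demo_save_price_vulnerable() {
    $list_id = isset( $_POST['list_id'] ) ? absint( $_POST['list_id'] ) : 0;
    $price   = isset( $_POST['price'] ) ? sanitize_text_field( wp_unslash( $_POST['price'] ) ) : '';
    update_option( 'spl_demo_price_' . $list_id, $price );
    wp_send_json_success( array( 'list_id' => $list_id, 'price' => $price ) );
}
add_action( 'wp_ajax_spl_demo_save_price_vulnerable', 'spl_demo_save_price_vulnerable' );

// --- Hardened pattern: verify the nonce (CSRF) and the capability (authorization)
// before touching data. wp_send_json_error() terminates the request, so no return
// is needed after it. 'manage_options' limits the action to administrators; a
// plugin-specific capability would be granted instead if editors need access.
function spl_demo_save_price_hardened() {
    check_ajax_referer( 'spl_demo_save_price', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }
    $list_id = isset( $_POST['list_id'] ) ? absint( $_POST['list_id'] ) : 0;
    if ( 0 === $list_id ) {
        wp_send_json_error( array( 'message' => 'Missing list_id.' ), 400 );
    }
    $price = isset( $_POST['price'] ) ? sanitize_text_field( wp_unslash( $_POST['price'] ) ) : '';
    update_option( 'spl_demo_price_' . $list_id, $price );
    wp_send_json_success( array( 'list_id' => $list_id, 'price' => $price ) );
}
add_action( 'wp_ajax_spl_demo_save_price_hardened', 'spl_demo_save_price_hardened' );

// --- Read side: the same capability check guards against disclosure, since the
// advisory rates confidentiality impact (C:L) as well as integrity (I:L).
function spl_demo_get_price_hardened() {
    check_ajax_referer( 'spl_demo_get_price', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }
    $list_id = isset( $_GET['list_id'] ) ? absint( $_GET['list_id'] ) : 0;
    wp_send_json_success( array( 'price' => get_option( 'spl_demo_price_' . $list_id, '' ) ) );
}
add_action( 'wp_ajax_spl_demo_get_price_hardened', 'spl_demo_get_price_hardened' );
```

The nonce is created on the admin page with `wp_create_nonce( 'spl_demo_save_price' )` and sent as the `nonce` field. A nonce only ties the request to a logged-in session; it does not establish what that user may do, which is why `current_user_can()` is the check that closes a missing-authorization gap. When auditing a plugin for this class of issue, also confirm that no data-changing handler is registered on `wp_ajax_nopriv_*` or on a REST route whose `permission_callback` is `__return_true`, since either makes the handler reachable without even the low privileges this CVE requires.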
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: Patchstack
- Date Reserved: 2025-11-21T11:21:26.613Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 69411750594e45819d70c73d
Added to database: 12/16/2025, 8:24:48 AM
Last enriched: 2/6/2026, 8:18:01 AM
Last updated: 2/7/2026, 7:01:06 AM