The vulnerability identified as CVE-2026-25384 affects WP-Lister Lite for eBay plugin by WP Lab, specifically versions up to 3.8.5. It involves missing authorization controls, meaning that certain actions or data may be accessible without proper permission checks. This is due to incorrectly configured access control security levels. The CVSS 3.1 base score is 5.3, reflecting a network attack vector with low complexity, no privileges required, and no user interaction needed. The impact is limited to a loss of confidentiality, with no impact on integrity or availability reported. There is no vendor advisory or patch information available at this time, and the product is not a cloud service.

The vulnerability allows unauthorized access to certain functions or data within the WP-Lister Lite for eBay plugin, potentially exposing confidential information. However, it does not affect data integrity or availability. Since no known exploits are reported in the wild, the immediate risk appears limited but could increase if exploitation techniques emerge.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should monitor for updates from WP Lab and consider restricting access to the plugin's administrative interfaces to trusted users only. Avoid exposing the plugin to untrusted networks or users.