This vulnerability in myCred's License Manager for WooCommerce (<= 3.0.15) involves an insecure direct object reference (IDOR) that allows unauthorized users to bypass authorization controls by manipulating user-controlled keys. The flaw enables attackers to potentially impact integrity and availability without requiring authentication. The CVSS vector indicates network attack vector, low attack complexity, no privileges required, no user interaction, unchanged scope, no confidentiality impact, but low integrity and low availability impacts.

The vulnerability allows unauthenticated attackers to bypass authorization controls, potentially leading to unauthorized modification or disruption of license management data. While confidentiality is not affected, integrity and availability impacts are rated low, meaning attackers could alter or disrupt license-related functions but not access sensitive data.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or temporary mitigation is currently documented, users should monitor vendor communications for updates. Avoid exposing the affected plugin to untrusted users and consider restricting access to license management interfaces until a patch is available.