{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-32236", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-04-04T10:01:59.469Z", "datePublished": "2025-04-10T08:09:46.527Z", "dateUpdated": "2026-04-28T16:12:19.382Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "vagonic-sortable", "product": "Woocommerce Products Reorder Drag Drop Multiple Sort \u2013 Sortable, Rearrange Products Vagonic", "vendor": "Vagonic", "versions": [{"lessThanOrEqual": "1.9", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Mika | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:38:39.614Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in Vagonic Woocommerce Products Reorder Drag Drop Multiple Sort \u2013 Sortable, Rearrange Products Vagonic vagonic-sortable.<p>This issue affects Woocommerce Products Reorder Drag Drop Multiple Sort \u2013 Sortable, Rearrange Products Vagonic: from n/a through <= 1.9.</p>"}], "value": "Missing Authorization vulnerability in Vagonic Woocommerce Products Reorder Drag Drop Multiple Sort \u2013 Sortable, Rearrange Products Vagonic vagonic-sortable.This issue affects Woocommerce Products Reorder Drag Drop Multiple Sort \u2013 Sortable, Rearrange Products Vagonic: from n/a through <= 1.9."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:12:19.382Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/vagonic-sortable/vulnerability/wordpress-woocommerce-products-reorder-drag-drop-multiple-sort-plugin-1-9-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Woocommerce Products Reorder Drag Drop Multiple Sort plugin <= 1.9 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-10T18:43:45.517694Z", "id": "CVE-2025-32236", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-10T18:46:29.142Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-32236", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-10T18:43:45.517694Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-10T18:46:23.442Z"}}], "cna": {"title": "WordPress Woocommerce Products Reorder Drag Drop Multiple Sort plugin <= 1.9 - Broken Access Control vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Mika (Patchstack Alliance)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Vagonic", "product": "Woocommerce Products Reorder Drag Drop Multiple Sort \u2013 Sortable, Rearrange Products Vagonic", "versions": [{"status": "affected", "version": "n/a", "versionType": "custom", "lessThanOrEqual": "1.9"}], "packageName": "vagonic-sortable", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/vagonic-sortable/vulnerability/wordpress-woocommerce-products-reorder-drag-drop-multiple-sort-plugin-1-9-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Vagonic Woocommerce Products Reorder Drag Drop Multiple Sort \u2013 Sortable, Rearrange Products Vagonic. This issue affects Woocommerce Products Reorder Drag Drop Multiple Sort \u2013 Sortable, Rearrange Products Vagonic: from n/a through 1.9.", "supportingMedia": [{"type": "text/html", "value": "<p>Missing Authorization vulnerability in Vagonic Woocommerce Products Reorder Drag Drop Multiple Sort \u2013 Sortable, Rearrange Products Vagonic.</p><p>This issue affects Woocommerce Products Reorder Drag Drop Multiple Sort \u2013 Sortable, Rearrange Products Vagonic: from n/a through 1.9.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-04-10T08:09:46.527Z"}}}, "cveMetadata": {"cveId": "CVE-2025-32236", "state": "PUBLISHED", "dateUpdated": "2025-04-10T18:46:29.142Z", "dateReserved": "2025-04-04T10:01:59.469Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2025-04-10T08:09:46.527Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Vagonic Woocommerce Products Reorder Drag Drop Multiple Sort \u2013 Sortable, Rearrange Products Vagonic vagonic-sortable.This issue affects Woocommerce Products Reorder Drag Drop Multiple Sort \u2013 Sortable, Rearrange Products Vagonic: from n/a through <= 1.9."}, {"lang": "es", "value": "Vulnerabilidad de falta de autorizaci\u00f3n en Vagonic Woocommerce Products Reorder Drag Drop Multiple Sort \u2013 Sortable, Rearrange Products Vagonic. Este problema afecta a Vagonic WooCommerce Products Reorder Drag Drop Multiple Sort (Ordenable, Reorganizar productos) desde n/d hasta la versi\u00f3n 1.9."}], "id": "CVE-2025-32236", "lastModified": "2026-04-23T15:28:48.557", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2025-04-10T08:15:19.760", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/vagonic-sortable/vulnerability/wordpress-woocommerce-products-reorder-drag-drop-multiple-sort-plugin-1-9-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"created": "2026-04-30T23:30:03.934600+00:00", "updated": "2026-04-30T23:30:03.934617+00:00", "vendors": []}