CVE Catalog
CVE-2026-42668
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk0.53%
40th percentile - higher than 40% of all known CVEs
Summary
Email Marketing for WooCommerce by Omnisend versions up to 1.18.0 contain a vulnerability in authentication that allows unauthorized access.
Risk Assessment
Organizations may be exposed to unauthorized actions within the system, potentially leading to data leaks or manipulation of customer data.
Recommendation
It is recommended to update the plugin to the latest version to mitigate this security vulnerability.
Original NVD description (English source)
Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend <= 1.18.0 versions.

