CVE Catalog

CVE-2026-42668

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.53%

40th percentile - higher than 40% of all known CVEs

Summary

Email Marketing for WooCommerce by Omnisend versions up to 1.18.0 contain a vulnerability in authentication that allows unauthorized access.

Risk Assessment

Organizations may be exposed to unauthorized actions within the system, potentially leading to data leaks or manipulation of customer data.

Recommendation

It is recommended to update the plugin to the latest version to mitigate this security vulnerability.

Original NVD description (English source)

Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend <= 1.18.0 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS