CVE Catalog

CVE-2026-49072

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Summary

The WooCommerce Anti-Fraud plugin in versions up to 7.2.6 has a broken access control vulnerability that allows unauthorized access to functions.

Risk Assessment

Organizations may be exposed to unauthorized actions, potentially leading to data theft or transaction manipulation.

Recommendation

It is recommended to update the WooCommerce Anti-Fraud plugin to the latest version to mitigate this vulnerability.

Original NVD description (English source)

Unauthenticated Broken Access Control in WooCommerce Anti-Fraud <= 7.2.6 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS