CVE Catalog
CVE-2026-49110
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk0.24%
14th percentile - higher than 14% of all known CVEs
Summary
In WooCommerce versions up to 3.1.4, there is a vulnerability of unauthenticated broken authentication in the Upsell Order Bump Offer feature.
Risk Assessment
An attacker could exploit this vulnerability to perform unauthorized actions within the system, potentially leading to data loss or unauthorized transactions.
Recommendation
It is recommended to update WooCommerce to the latest version to mitigate this vulnerability.
Original NVD description (English source)
Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions.

