CVE Catalog

CVE-2026-49110

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

14th percentile - higher than 14% of all known CVEs

Summary

In WooCommerce versions up to 3.1.4, there is a vulnerability of unauthenticated broken authentication in the Upsell Order Bump Offer feature.

Risk Assessment

An attacker could exploit this vulnerability to perform unauthorized actions within the system, potentially leading to data loss or unauthorized transactions.

Recommendation

It is recommended to update WooCommerce to the latest version to mitigate this vulnerability.

Original NVD description (English source)

Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS