CVE-2026-56013
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk14th percentile — higher than 14% of all known CVEs
Summary
The License Manager for WooCommerce plugin version 3.0.15 and earlier contains an unauthenticated Insecure Direct Object References (IDOR) vulnerability. This allows an attacker to access sensitive data without requiring authentication.
Risk Assessment
The risk involves unauthorized reading or modification of license data, potentially leading to a breach of confidentiality and integrity of the license management system.
Recommendation
It is recommended to immediately update the License Manager for WooCommerce plugin to the latest available version that fixes this vulnerability.
Original NVD description (English source)
Unauthenticated Insecure Direct Object References (IDOR) in License Manager for WooCommerce <= 3.0.15 versions.

