CVE Catalog

CVE-2026-56061

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile — higher than 16% of all known CVEs

Summary

The Subscriptions for WooCommerce plugin version 1.9.5 and earlier contains a vulnerability allowing unauthenticated attackers to bypass access controls. This flaw enables unauthorized operations on subscriptions without requiring authentication.

Risk Assessment

An unauthenticated attacker can modify, cancel, or access other users' subscriptions, leading to data integrity breaches and potential financial losses.

Recommendation

Immediately update the Subscriptions for WooCommerce plugin to the latest available version that fixes this vulnerability. If an update is not possible, consider temporarily disabling the plugin.

Original NVD description (English source)

Unauthenticated Broken Access Control in Subscriptions for WooCommerce <= 1.9.5 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS