CVE-2026-56061
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk16th percentile — higher than 16% of all known CVEs
Summary
The Subscriptions for WooCommerce plugin version 1.9.5 and earlier contains a vulnerability allowing unauthenticated attackers to bypass access controls. This flaw enables unauthorized operations on subscriptions without requiring authentication.
Risk Assessment
An unauthenticated attacker can modify, cancel, or access other users' subscriptions, leading to data integrity breaches and potential financial losses.
Recommendation
Immediately update the Subscriptions for WooCommerce plugin to the latest available version that fixes this vulnerability. If an update is not possible, consider temporarily disabling the plugin.
Original NVD description (English source)
Unauthenticated Broken Access Control in Subscriptions for WooCommerce <= 1.9.5 versions.

