CVE Catalog

CVE-2026-57332

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Summary

The Wallet System for WooCommerce plugin version 2.7.6 and earlier contains a broken access control vulnerability for subscribers. This allows users with the subscriber role to perform operations they should not be authorized for.

Risk Assessment

The risk involves potential unauthorized access to wallet functions by subscribers, which could lead to data integrity breaches and unauthorized transactions.

Recommendation

It is recommended to immediately update the Wallet System for WooCommerce plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Subscriber Broken Access Control in Wallet System for WooCommerce <= 2.7.6 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS