CVE Catalog

CVE-2026-57632

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

19th percentile — higher than 19% of all known CVEs

Summary

The Email Marketing for WooCommerce by Omnisend plugin in versions 1.19.0 and earlier contains a broken access control vulnerability exploitable by subscribers. A user with the subscriber role can gain unauthorized access to administrative functions.

Risk Assessment

The risk involves privilege escalation by a subscriber, potentially leading to unauthorized access to sensitive data or plugin functions.

Recommendation

It is recommended to immediately update the plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend <= 1.19.0 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS