CVE Catalog

CVE-2026-57664

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Summary

The vulnerability in the Bopo – WooCommerce Product Bundle Builder plugin version 1.1.6 and earlier allows unauthenticated attackers to access sensitive data. The flaw is due to insufficient protection of API endpoints or data exposure mechanisms.

Risk Assessment

The organization is at risk of leaking confidential information such as customer data, product configurations, or API keys, which could lead to privacy breaches and financial losses.

Recommendation

Immediately update the Bopo – WooCommerce Product Bundle Builder plugin to the latest available version that fixes this vulnerability. If an update is not possible, temporarily disable the plugin or restrict access to its endpoints using a firewall.

Original NVD description (English source)

Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder <= 1.1.6 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS