CVE-2026-57664
MediumCVSS 4.3Summary
The vulnerability in the Bopo – WooCommerce Product Bundle Builder plugin version 1.1.6 and earlier allows unauthenticated attackers to access sensitive data. The flaw is due to insufficient protection of API endpoints or data exposure mechanisms.
Risk Assessment
The organization is at risk of leaking confidential information such as customer data, product configurations, or API keys, which could lead to privacy breaches and financial losses.
Recommendation
Immediately update the Bopo – WooCommerce Product Bundle Builder plugin to the latest available version that fixes this vulnerability. If an update is not possible, temporarily disable the plugin or restrict access to its endpoints using a firewall.
Original NVD description (English source)
Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder <= 1.1.6 versions.

