Is Advanced Woo Labels affected by CVE-2026-32414?

A code injection vulnerability in the Advanced Woo Labels WordPress plugin (versions through 2.36) allows attackers to execute arbitrary code on affected e-commerce sites.

CVE-2026-32414

Q: How to fix CVE-2026-32414?

Within 24 hours: Audit all WordPress instances for Advanced Woo Labels installation and version; isolate affected sites or disable the plugin immediately. Within 7 days: Implement Web Application Firewall (WAF) rules to block malicious payloads targeting the vulnerable code injection vectors; consider migrating to an alternative labeling plugin. Within 30 days: Monitor vendor security advisories for patch availability; conduct forensic analysis of affected systems for signs of compromise; update all WordPress components and plugins to latest versions.

EUVD-2026-11933 HIGH

2026-03-13 Patchstack

7.2

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 13, 2026 - 16:57 euvd

EUVD-2026-11933

Analysis Generated

Mar 13, 2026 - 16:57 vuln.today

CVE Published

Mar 13, 2026 - 11:42 nvd

HIGH 7.2

Description

Improper Control of Generation of Code ('Code Injection') vulnerability in ILLID Advanced Woo Labels advanced-woo-labels allows Remote Code Inclusion.This issue affects Advanced Woo Labels: from n/a through <= 2.36.

Analysis

A code injection vulnerability in ILLID Advanced Woo Labels WordPress plugin (versions up to 2.36) allows authenticated administrators to execute arbitrary code through improper input validation, potentially leading to full site compromise. The vulnerability requires high privileges to exploit (CVSS 7.2), has no known active exploitation in the wild (not in CISA KEV), and carries a very low EPSS score of 0.00043 (0.043%), indicating minimal real-world exploitation likelihood despite the high CVSS score.

Remediation

Within 24 hours: Audit all WordPress instances for Advanced Woo Labels installation and version; isolate affected sites or disable the plugin immediately. Within 7 days: Implement Web Application Firewall (WAF) rules to block malicious payloads targeting the vulnerable code injection vectors; consider migrating to an alternative labeling plugin. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +36

POC: 0

CVE-2026-32414 vulnerability details – vuln.today

Back

CVE-2026-32414

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-32414

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code