Skip to main content

Autoship Cloud For Woocommerce Subscription Products

1 CVEs product

Monthly

CVE-2026-24527 MEDIUM This Month

Missing Authorization in Autoship Cloud for WooCommerce Subscription Products (versions through 2.14.0) allows authenticated low-privileged users to perform actions beyond their intended permission scope, resulting in unauthorized data modification. Reported by Patchstack, this CWE-862 flaw means the plugin fails to verify whether an authenticated user holds the correct capability before executing sensitive operations within the WooCommerce subscription management interface. No active exploitation is confirmed (not in CISA KEV), no public exploit code has been identified, and the EPSS score of 0.03% (8th percentile) signals negligible automated exploitation activity at this time.

Authentication Bypass WordPress Autoship Cloud For Woocommerce Subscription Products
NVD
CVSS 3.1
4.3
EPSS
0.0%
EPSS 0% CVSS 4.3
MEDIUM This Month

Missing Authorization in Autoship Cloud for WooCommerce Subscription Products (versions through 2.14.0) allows authenticated low-privileged users to perform actions beyond their intended permission scope, resulting in unauthorized data modification. Reported by Patchstack, this CWE-862 flaw means the plugin fails to verify whether an authenticated user holds the correct capability before executing sensitive operations within the WooCommerce subscription management interface. No active exploitation is confirmed (not in CISA KEV), no public exploit code has been identified, and the EPSS score of 0.03% (8th percentile) signals negligible automated exploitation activity at this time.

Authentication Bypass WordPress Autoship Cloud For Woocommerce Subscription Products
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy