Skip to main content

Eshipper Commerce

1 CVEs product

Monthly

CVE-2026-39689 MEDIUM This Month

eShipper Commerce plugin versions up to 2.16.12 allow unauthenticated attackers to modify data through missing authorization checks on access control enforcement points. The vulnerability exposes WordPress sites running this e-commerce plugin to unauthorized state changes without requiring authentication, with a low EPSS exploitation probability (0.02% percentile 4%) suggesting limited real-world attack incentive despite the network-accessible attack vector.

Authentication Bypass Eshipper Commerce
NVD
CVSS 3.1
5.3
EPSS
0.0%
EPSS 0% CVSS 5.3
MEDIUM This Month

eShipper Commerce plugin versions up to 2.16.12 allow unauthenticated attackers to modify data through missing authorization checks on access control enforcement points. The vulnerability exposes WordPress sites running this e-commerce plugin to unauthorized state changes without requiring authentication, with a low EPSS exploitation probability (0.02% percentile 4%) suggesting limited real-world attack incentive despite the network-accessible attack vector.

Authentication Bypass Eshipper Commerce
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy