Skip to main content

Extra Product Options Builder For Woocommerce

1 CVEs product

Monthly

CVE-2026-57390 MEDIUM This Month

Missing authorization in the Extra Product Options Builder for WooCommerce plugin (versions through 1.2.167) permits remote unauthenticated attackers to perform restricted actions without valid credentials, impacting both data integrity and service availability on affected WordPress storefronts. The flaw stems from CWE-862 - the plugin exposes endpoints or AJAX actions that fail to verify whether the caller holds the necessary capability or role before executing sensitive operations. No public exploit code has been identified at time of analysis, and the vulnerability has not been listed in the CISA KEV catalog.

Authentication Bypass WordPress Extra Product Options Builder For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.3%
EPSS 0% CVSS 6.5
MEDIUM This Month

Missing authorization in the Extra Product Options Builder for WooCommerce plugin (versions through 1.2.167) permits remote unauthenticated attackers to perform restricted actions without valid credentials, impacting both data integrity and service availability on affected WordPress storefronts. The flaw stems from CWE-862 - the plugin exposes endpoints or AJAX actions that fail to verify whether the caller holds the necessary capability or role before executing sensitive operations. No public exploit code has been identified at time of analysis, and the vulnerability has not been listed in the CISA KEV catalog.

Authentication Bypass WordPress Extra Product Options Builder For Woocommerce
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy