Skip to main content

License Manager For Woocommerce

4 CVEs product

Monthly

CVE-2026-61958 MEDIUM This Month

Missing authorization in the License Manager for WooCommerce WordPress plugin (versions through 3.0.17) allows authenticated low-privilege users to perform arbitrary content deletion without proper permission checks. The flaw stems from CWE-862, where sensitive plugin actions are accessible to any authenticated user regardless of their assigned role. No active exploitation has been confirmed by CISA KEV, and no public exploit code has been identified at time of analysis.

Authentication Bypass WordPress License Manager For Woocommerce
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2026-56013 MEDIUM This Month

Unauthenticated IDOR in License Manager for WooCommerce (versions <= 3.0.15) allows remote, unauthenticated attackers to reference and manipulate arbitrary license records by supplying or iterating object identifiers in plugin requests, yielding integrity and availability impacts on license data. The CVSS vector (PR:N, AV:N, AC:L) confirms no authentication or special conditions are needed, making the attack trivially repeatable against any reachable WooCommerce store running the affected plugin. No public exploit code has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog.

Authentication Bypass WordPress License Manager For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-1639 MEDIUM This Month

The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey() and showAllLicenseKeys() functions in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress License Manager For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-48742 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LicenseManager License Manager for WooCommerce license-manager-for-woocommerce allows SQL. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi License Manager For Woocommerce
NVD
CVSS 3.1
7.6
EPSS
0.3%
EPSS 0% CVSS 5.4
MEDIUM This Month

Missing authorization in the License Manager for WooCommerce WordPress plugin (versions through 3.0.17) allows authenticated low-privilege users to perform arbitrary content deletion without proper permission checks. The flaw stems from CWE-862, where sensitive plugin actions are accessible to any authenticated user regardless of their assigned role. No active exploitation has been confirmed by CISA KEV, and no public exploit code has been identified at time of analysis.

Authentication Bypass WordPress License Manager For Woocommerce
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Unauthenticated IDOR in License Manager for WooCommerce (versions <= 3.0.15) allows remote, unauthenticated attackers to reference and manipulate arbitrary license records by supplying or iterating object identifiers in plugin requests, yielding integrity and availability impacts on license data. The CVSS vector (PR:N, AV:N, AC:L) confirms no authentication or special conditions are needed, making the attack trivially repeatable against any reachable WooCommerce store running the affected plugin. No public exploit code has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog.

Authentication Bypass WordPress License Manager For Woocommerce
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey() and showAllLicenseKeys() functions in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress License Manager For Woocommerce
NVD
EPSS 0% CVSS 7.6
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LicenseManager License Manager for WooCommerce license-manager-for-woocommerce allows SQL. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi License Manager For Woocommerce
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy