Skip to main content

Storecustomizer

1 CVEs product

Monthly

CVE-2026-27046 MEDIUM This Month

Kaira StoreCustomizer woocustomizer versions 2.6.3 and earlier contain a missing authorization flaw that allows authenticated users to modify store customization settings they should not have access to. An attacker with low-level user privileges can exploit this misconfigured access control to make unauthorized changes to the store's appearance and configuration. No patch is currently available for this vulnerability.

Authentication Bypass Storecustomizer
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
EPSS 0% CVSS 6.5
MEDIUM This Month

Kaira StoreCustomizer woocustomizer versions 2.6.3 and earlier contain a missing authorization flaw that allows authenticated users to modify store customization settings they should not have access to. An attacker with low-level user privileges can exploit this misconfigured access control to make unauthorized changes to the store's appearance and configuration. No patch is currently available for this vulnerability.

Authentication Bypass Storecustomizer
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy