Skip to main content

Upsell Order Bump Offer For Woocommerce

1 CVEs product

Monthly

CVE-2026-49110 HIGH This Week

Broken authentication in the Upsell Order Bump Offer for WooCommerce plugin (versions 3.1.4 and earlier) allows remote unauthenticated attackers to manipulate offer/price integrity on affected WordPress storefronts. Patchstack classifies the issue as a price manipulation vulnerability with high integrity impact, and no public exploit identified at time of analysis. The defect is reachable over the network without authentication or user interaction, making any WooCommerce store running the plugin a direct target.

WordPress Information Disclosure Upsell Order Bump Offer For Woocommerce
NVD
CVSS 3.1
7.5
EPSS
0.2%
EPSS 0% CVSS 7.5
HIGH This Week

Broken authentication in the Upsell Order Bump Offer for WooCommerce plugin (versions 3.1.4 and earlier) allows remote unauthenticated attackers to manipulate offer/price integrity on affected WordPress storefronts. Patchstack classifies the issue as a price manipulation vulnerability with high integrity impact, and no public exploit identified at time of analysis. The defect is reachable over the network without authentication or user interaction, making any WooCommerce store running the plugin a direct target.

WordPress Information Disclosure Upsell Order Bump Offer For Woocommerce
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy