Skip to main content

Woocommerce Anti Fraud

1 CVEs product

Monthly

CVE-2026-49072 MEDIUM This Month

Unauthenticated broken access control in the WooCommerce Anti-Fraud WordPress plugin by OPMC (versions ≤ 7.2.6) allows remote unauthenticated attackers to perform unauthorized actions against the anti-fraud layer of WooCommerce stores. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms no credentials or user interaction are required, and CWE-862 (Missing Authorization) identifies the root cause as absent capability or permission checks on one or more plugin endpoints. With integrity (I:L) and availability (A:L) impacts, attackers could potentially interfere with or circumvent fraud detection logic, enabling fraudulent orders to pass undetected or disrupting store operations. No public exploit code has been identified and CISA KEV listing is absent at time of analysis.

Authentication Bypass WordPress Woocommerce Anti Fraud
NVD
CVSS 3.1
6.5
EPSS
0.3%
EPSS 0% CVSS 6.5
MEDIUM This Month

Unauthenticated broken access control in the WooCommerce Anti-Fraud WordPress plugin by OPMC (versions ≤ 7.2.6) allows remote unauthenticated attackers to perform unauthorized actions against the anti-fraud layer of WooCommerce stores. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms no credentials or user interaction are required, and CWE-862 (Missing Authorization) identifies the root cause as absent capability or permission checks on one or more plugin endpoints. With integrity (I:L) and availability (A:L) impacts, attackers could potentially interfere with or circumvent fraud detection logic, enabling fraudulent orders to pass undetected or disrupting store operations. No public exploit code has been identified and CISA KEV listing is absent at time of analysis.

Authentication Bypass WordPress Woocommerce Anti Fraud
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy