PatchSiren cyber security CVE debrief
CVE-2026-39470 Brainstorm Force CVE debrief
CVE-2026-39470 is a HIGH severity privilege escalation vulnerability in the WooCommerce Cart Abandonment Recovery plugin, affecting versions < 2.1.0. It allows privilege escalation by a Shop manager. The Common Vulnerability Scoring System (CVSS) score is 7.2.
- Vendor: Brainstorm Force
- Product: WooCommerce Cart Abandonment Recovery
- CVSS: HIGH 7.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Anyone running the WooCommerce Cart Abandonment Recovery plugin in a version < 2.1.0 is affected and should act to mitigate this vulnerability.
Technical summary
The vulnerability affects WooCommerce Cart Abandonment Recovery plugin versions < 2.1.0. It allows privilege escalation by a Shop manager and is rated HIGH severity with a CVSS score of 7.2.
Defensive priority
HIGH
Recommended defensive actions
- Update WooCommerce Cart Abandonment Recovery plugin to version 2.1.0 or later.
- Refer to [ref-4](https://patchstack.com/database/wordpress/plugin/woo-cart-abandonment-recovery/vulnerability/wordpress-woocommerce-cart-abandonment-recovery-plugin-2-1-0-privilege-escalation-vulnerability?_s_id=cve) for
Evidence notes
Evidence for this CVE was provided by Patchstack.
Official resources
- CVE-2026-39470 CVE record (CVE.org)
- CVE-2026-39470 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference
CVE-2026-39470 was published on 2026-06-15T21:16:43.740Z and modified on 2026-06-15T21:24:32.790Z.