PatchSiren cyber security CVE debrief
CVE-2026-49060 Hippoo CVE debrief
CVE-2026-49060 is a CRITICAL vulnerability in Hippoo Mobile App for WooCommerce. The issue, Incorrect Privilege Assignment, allows for Privilege Escalation. It affects versions up to and including 1.9.4; the record gives no starting version (n/a).
- Vendor: Hippoo
- Product: Hippoo Mobile App for WooCommerce
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-11
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-11
- Advisory updated: 2026-06-12
Who should care
Users of Hippoo Mobile App for WooCommerce, particularly those using versions up to 1.9.4, should apply patches or mitigations to prevent Privilege Escalation attacks.
Technical summary
The vulnerability, CVE-2026-49060, has a CVSS score of 9.8 and is classified as CRITICAL. It was published on [2026-06-11T22:16:57.737Z](https://www.cve.org/CVERecord?id=CVE-2026-49060) and last modified on [2026-06-12T13:13:53.050Z](https://nvd.nist.gov/vuln/detail/CVE-2026-49060). The underlying weakness is classified as CWE-266 (Incorrect Privilege Assignment).
Defensive priority
CRITICAL
Recommended defensive actions
- Apply patches or updates to Hippoo Mobile App for WooCommerce to version 1.9.4 or later.
- Review and adjust privileges and access controls for the application.
Evidence notes
Evidence suggests that the vulnerability was reported by [email protected].
Official resources
- CVE-2026-49060 CVE record (CVE.org)
- CVE-2026-49060 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference
CVE-2026-49060 was published on 2026-06-11T22:16:57.737Z and last modified on 2026-06-12T13:13:53.050Z.