PatchSiren cyber security CVE debrief
CVE-2026-48873 Montonio CVE debrief
CVE-2026-48873 is a HIGH severity vulnerability in the Montonio for WooCommerce plugin (versions <= 10.1.2). This vulnerability is classified as Unauthenticated Broken Access Control, with a CVSS score of 7.5. The vulnerability was published on [2026-06-15](https://www.cve.org/CVERecord?id=CVE-2026-48873) and last modified on [2026-06-15](https://nvd.nist.gov/vuln/detail/CVE-2026-48873).
- Vendor: Montonio
- Product: Montonio for WooCommerce
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Administrators and users of the Montonio for WooCommerce plugin versions <= 10.1.2 should prioritize patching this vulnerability to prevent potential exploitation.
Technical summary
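The vulnerability is caused by Unauthenticated Broken Access Control in the Montonio for WooCommerce plugin. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N: reachable over the network with low attack complexity, no privileges and no user interaction required, and a high integrity impact with no confidentiality or availability impact. The primary weakness associated with this vulnerability is CWE-862 (Missing Authorization).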
Defensive priority
HIGH
Recommended defensive actions
- Update the Montonio for WooCommerce plugin to a version later than 10.1.2.
- Review and restrict access controls for the plugin.
Evidence notes
Evidence for this CVE was provided by Patchstack (see the [Patchstack advisory](https://patchstack.com/database/wordpress/plugin/montonio-for-woocommerce/vulnerability/wordpress-montonio-for-woocommerce-plugin-10-1-2-broken-access-control-vulnerability?_s_id=cve)).
Official resources
- CVE-2026-48873 CVE record (CVE.org)
- CVE-2026-48873 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference
CVE-2026-48873 was published on 2026-06-15T21:17:16.793Z and last modified on 2026-06-15T21:24:32.790Z.