CRITICAL
hippooo
CVE published 2026-06-05
CVE-2026-10580
CVE-2026-10580 is a critical vulnerability in the Hippoo Mobile App for WooCommerce plugin for WordPress. The plugin is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to and including 1.9.4. This issue arises from a logic conflation in `HippooPermissions::get_user_permissions()`, which returns the same null sentinel for both administrators and unauthentica [truncated]