MEDIUM
Patterns in the cloud
CVE published 2026-05-25
CVE-2026-24527
CVE-2026-24527 is a Missing Authorization vulnerability (CWE-862) in the Autoship Cloud for WooCommerce Subscription Products WordPress plugin, affecting versions up to and including 2.14.0. The vulnerability allows authenticated attackers with low privileges to exploit incorrectly configured access control security levels, potentially leading to unauthorized modification of data. The CVSS 3.1 score of 4. [truncated]