PatchSiren

WP Swings CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH WP Swings CVE published 2026-06-26

CVE-2026-56061

CVE-2026-56061 is a HIGH-severity vulnerability in Subscriptions for WooCommerce plugin versions <= 1.9.5. This vulnerability allows unauthenticated broken access control, potentially enabling attackers to manipulate subscriptions. The CVSS score for this vulnerability is 7.5. The vulnerability was published on June 26, 2026, and last modified on June 29, 2026. Users of affected versions should apply patc [truncated]

HIGH WP Swings CVE published 2026-06-15

CVE-2026-49110

CVE-2026-49110 is a HIGH severity vulnerability in Upsell Order Bump Offer for WooCommerce plugin versions up to 3.1.4. This vulnerability is caused by unauthenticated broken authentication, allowing attackers to manipulate prices. The CVSS score for this vulnerability is 7.5, indicating a high level of severity. The vulnerability was published on [cvePublishedAt] and last modified on [cveModifiedAt].

HIGH WP Swings CVE published 2026-06-15

CVE-2026-34898

CVE-2026-34898 is a HIGH severity vulnerability in Event Tickets Manager for WooCommerce plugin versions <= 1.5.3. The vulnerability is caused by Unauthenticated Broken Access Control, with a CVSS score of 7.5. The vulnerability was published on [cvePublishedAt] and last modified on [cveModifiedAt].

CRITICAL WP Swings CVE published 2026-05-20

CVE-2026-45444

CVE-2026-45444 is a critical unrestricted upload vulnerability in the WP Swings Gift Cards For WooCommerce Pro WordPress plugin, affecting versions through 4.2.6. Based on the published record, the issue is rated CVSS 3.1 10.0 and can be triggered remotely without user interaction. Because dangerous file types may be accepted, affected sites should treat this as a high-risk path to malicious file placemen [truncated]