CVE-2026-56061 is a HIGH-severity vulnerability in Subscriptions for WooCommerce plugin versions <= 1.9.5. This vulnerability allows unauthenticated broken access control, potentially enabling attackers to manipulate subscriptions. The CVSS score for this vulnerability is 7.5. The vulnerability was published on June 26, 2026, and last modified on June 29, 2026. Users of affected versions should apply patc [truncated]
CVE-2026-49110 is a HIGH severity vulnerability in Upsell Order Bump Offer for WooCommerce plugin versions up to 3.1.4. This vulnerability is caused by unauthenticated broken authentication, allowing attackers to manipulate prices. The CVSS score for this vulnerability is 7.5, indicating a high level of severity. The vulnerability was published on [cvePublishedAt] and last modified on [cveModifiedAt].
CVE-2026-34898 is a HIGH severity vulnerability in Event Tickets Manager for WooCommerce plugin versions <= 1.5.3. The vulnerability is caused by Unauthenticated Broken Access Control, with a CVSS score of 7.5. The vulnerability was published on [cvePublishedAt] and last modified on [cveModifiedAt].
CVE-2026-45444 is a critical unrestricted upload vulnerability in the WP Swings Gift Cards For WooCommerce Pro WordPress plugin, affecting versions through 4.2.6. Based on the published record, the issue is rated CVSS 3.1 10.0 and can be triggered remotely without user interaction. Because dangerous file types may be accepted, affected sites should treat this as a high-risk path to malicious file placemen [truncated]