WPClever CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH WPClever CVE published 2026-06-15

CVE-2026-49061

A high-severity vulnerability, CVE-2026-49061, with a CVSS score of 7.5, was published on June 15, 2026, affecting WPC Product Options for WooCommerce versions up to 3.2.1. This vulnerability allows unauthenticated arbitrary file downloads, potentially leading to sensitive information disclosure.

HIGH WPClever CVE published 2026-06-15

CVE-2026-48883

CVE-2026-48883 is a HIGH severity vulnerability in WPC Product Bundles for WooCommerce plugin versions <= 8.5.3. The vulnerability is caused by Unauthenticated Broken Access Control. The CVSS score for this vulnerability is 7.5.