PatchSiren cyber security CVE debrief
CVE-2026-49110 WP Swings CVE debrief
CVE-2026-49110 is a HIGH severity vulnerability in Upsell Order Bump Offer for WooCommerce plugin versions up to 3.1.4. This vulnerability is caused by unauthenticated broken authentication, allowing attackers to manipulate prices. The CVSS score for this vulnerability is 7.5, indicating a high level of severity. The vulnerability was published on [cvePublishedAt] and last modified on [cveModifiedAt].
- Vendor
- WP Swings
- Product
- Upsell Order Bump Offer for WooCommerce
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of Upsell Order Bump Offer for WooCommerce plugin versions up to 3.1.4 should apply the necessary patches or updates to mitigate this vulnerability.
Technical summary
The vulnerability has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N, indicating that it can be exploited remotely with low attack complexity and no privileges. The primary weakness associated with this vulnerability is CWE-1284.
Defensive priority
HIGH
Recommended defensive actions
- Apply the patch or update to the latest version of Upsell Order Bump Offer for WooCommerce plugin.
- Review and update security configurations to prevent exploitation.
Evidence notes
Evidence for this CVE was provided by Patchstack.
Official resources
-
CVE-2026-49110 CVE record
CVE.org
-
CVE-2026-49110 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-49110 was published on 2026-06-15T21:17:20.867Z and last modified on 2026-06-15T21:24:32.790Z.