PatchSiren cyber security CVE debrief
CVE-2026-48883 WPClever CVE debrief
CVE-2026-48883 is a HIGH severity vulnerability in WPC Product Bundles for WooCommerce plugin versions <= 8.5.3. The vulnerability is caused by Unauthenticated Broken Access Control. The CVSS score for this vulnerability is 7.5.
- Vendor
- WPClever
- Product
- WPC Product Bundles for WooCommerce
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of WPC Product Bundles for WooCommerce plugin versions <= 8.5.3 should apply the patch or upgrade to a patched version.
Technical summary
CVE-2026-48883 has been publicly disclosed on 2026-06-15T21:17:17.613Z and was last modified on 2026-06-15T21:24:32.790Z. The vulnerability has a CVSS score of 7.5 and a severity of HIGH. The vulnerability is caused by Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce plugin versions <= 8.5.3.
Defensive priority
HIGH
Recommended defensive actions
- Apply the patch or upgrade to a patched version of WPC Product Bundles for WooCommerce plugin.
- See resourceLinkAnnotations for more information: {ref-4}.
Evidence notes
The vulnerability was reported by [email protected].
Official resources
-
CVE-2026-48883 CVE record
CVE.org
-
CVE-2026-48883 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-48883 was publicly disclosed on 2026-06-15T21:17:17.613Z.