PatchSiren cyber security CVE debrief

CVE-2026-39437 WPFactory CVE debrief

A high-severity unauthenticated cross-site scripting (XSS) vulnerability was discovered in the Min Max Step Quantity Limits Manager for WooCommerce plugin, affecting versions up to 5.2.2. It has a CVSS score of 7.1 (HIGH).

Vendor: WPFactory
Product: Min Max Step Quantity Limits Manager for WooCommerce
CVSS: HIGH 7.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-16
Original CVE updated: 2026-06-16
Advisory published: 2026-06-16
Advisory updated: 2026-06-16

Who should care

Users of the Min Max Step Quantity Limits Manager for WooCommerce plugin, particularly those using versions up to 5.2.2, should be aware of this vulnerability and take necessary actions to mitigate it.

Technical summary

The vulnerability is an unauthenticated cross-site scripting (XSS) issue in the Min Max Step Quantity Limits Manager for WooCommerce plugin. Its CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L.

Defensive priority

HIGH

Recommended defensive actions

  • Update the Min Max Step Quantity Limits Manager for WooCommerce plugin to a version that is not vulnerable.
  • Refer to the vendor's documentation or support resources for guidance on updating the plugin.

Evidence notes

The vulnerability was reported by [email protected] and is referenced in the CVE record.

Official resources

CVE-2026-39437 was published on 2026-06-16T10:16:26.970Z and has not been modified since then.