CVE-2026-25419

Name of the Vulnerable Software and Affected Versions UpsellWP versions through 2.2.3

Description A missing authorization issue exists in flycart UpsellWP checkout-upsell-and-order-bumps, allowing exploitation of incorrectly configured access control security levels.

Recommendations Update UpsellWP to a version newer than 2.2.3.