PT-2026-3218 · Unknown+1 · Woocommerce+1
Angus Girvan
·
Publicado
2026-01-16
·
Atualizado
2026-01-16
·
CVE-2026-1000
CVSS v3.1
6.5
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
MailerLite - WooCommerce integration plugin for WordPress versions up to and including 3.1.3
Description
The MailerLite - WooCommerce integration plugin for WordPress is susceptible to unauthorized data modification and deletion. This is caused by a lack of appropriate capability checks within the
resetIntegration() function. Authenticated attackers possessing Subscriber-level access or higher can reset the plugin’s integration settings, delete all plugin options, and remove the plugin’s database tables (woo mailerlite carts and woo mailerlite jobs). This can lead to a complete loss of plugin data, including customer abandoned cart information and synchronization job history.Recommendations
Update the MailerLite - WooCommerce integration plugin to version 3.1.4 or later.
Correção
LPE
Missing Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Mailerlite – Woocommerce Integration
Woocommerce