PT-2026-20296 · WordPress+1 · Cart All In One For Woocommerce+1
Phap Nguyen Anh
·
Published
2026-02-18
·
Updated
2026-02-23
·
CVE-2026-2019
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Cart All In One For WooCommerce versions prior to 1.1.22
Description
The Cart All In One For WooCommerce plugin for WordPress is susceptible to code execution. This occurs because of inadequate input validation on the 'Assign page' field, which is directly passed to the
eval() function. This allows authenticated attackers with Administrator-level access or higher to execute arbitrary PHP code on the server.Recommendations
Update Cart All In One For WooCommerce to version 1.1.22 or later.
Fix
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cart All In One For Woocommerce
Woocommerce