PT-2026-23668 · WordPress · Woocommerce

Oolongeya · Published 2026-03-06 · Updated 2026-03-30 · CVE-2026-3589

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: WooCommerce versions 5.4.0 through 10.5.2

Description: The WooCommerce WordPress plugin does not properly handle batch requests, potentially allowing unauthenticated users to execute administrative actions on non-store REST endpoints. This could enable the creation of arbitrary administrator users through a Cross-Site Request Forgery (CSRF) attack.

Recommendations: Update WooCommerce to a version later than 10.5.2.

Exploit · Fix · CSRF

Weakness Enumeration

Related Identifiers: CVE-2026-3589

Affected Products: Woocommerce