PT-2026-27854 · Automattic+1 · Woocommerce+1
Published
2026-03-25
·
Updated
2026-03-30
·
CVE-2026-24372
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Subscriptions for WooCommerce versions through 1.8.10
Description
An authentication bypass by spoofing issue exists in WP Swings Subscriptions for WooCommerce. This allows for input data manipulation. The issue impacts the Subscriptions for WooCommerce plugin.
Recommendations
Update Subscriptions for WooCommerce to a version later than 1.8.10.
Fix
Authentication Bypass by Spoofing
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Woocommerce Subscriptions
Woocommerce