PT-2026-3218 · Unknown+1 · Woocommerce+1
Angus Girvan
·
Published
2026-01-16
·
Updated
2026-01-16
·
CVE-2026-1000
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
MailerLite - WooCommerce integration plugin for WordPress versions up to and including 3.1.3
Description
The MailerLite - WooCommerce integration plugin for WordPress is susceptible to unauthorized data modification and deletion. This is caused by a lack of appropriate capability checks within the
resetIntegration() function. Authenticated attackers possessing Subscriber-level access or higher can reset the plugin’s integration settings, delete all plugin options, and remove the plugin’s database tables (woo mailerlite carts and woo mailerlite jobs). This can lead to a complete loss of plugin data, including customer abandoned cart information and synchronization job history.Recommendations
Update the MailerLite - WooCommerce integration plugin to version 3.1.4 or later.
Fix
LPE
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mailerlite – Woocommerce Integration
Woocommerce