CVE Catalog

CVE-2026-49060

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

13th percentile — higher than 13% of all known CVEs

Summary

The Hippoo Mobile App for WooCommerce has a vulnerability related to incorrect privilege assignment, allowing privilege escalation.

Risk Assessment

Privilege escalation may lead to unauthorized access to sensitive data or application functions, posing a significant security threat to the organization.

Recommendation

It is recommended to update the Hippoo app to the latest version to mitigate this vulnerability and conduct a user privilege audit.

Original NVD description (English source)

Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS