CVE Catalog
CVE-2026-54846
HighCVSS 7.5Summary
The Syncee Premium Dropshipping & Wholesale plugin in version 1.0.27 and below contains an unauthenticated broken access control vulnerability. An attacker without authentication can gain unauthorized access to protected functions or data.
Risk Assessment
The risk involves unauthorized access to sensitive data or administrative functions, potentially leading to information disclosure or takeover of the store.
Recommendation
It is recommended to immediately update the plugin to the latest available version that fixes this vulnerability. Also review the access control configuration in the system.
Original NVD description (English source)
Unauthenticated Broken Access Control in Syncee Premium Dropshipping & Wholesale <= 1.0.27 versions.

