CVE Catalog

CVE-2026-54846

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Summary

The Syncee Premium Dropshipping & Wholesale plugin in version 1.0.27 and below contains an unauthenticated broken access control vulnerability. An attacker without authentication can gain unauthorized access to protected functions or data.

Risk Assessment

The risk involves unauthorized access to sensitive data or administrative functions, potentially leading to information disclosure or takeover of the store.

Recommendation

It is recommended to immediately update the plugin to the latest available version that fixes this vulnerability. Also review the access control configuration in the system.

Original NVD description (English source)

Unauthenticated Broken Access Control in Syncee Premium Dropshipping &amp; Wholesale <= 1.0.27 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS