CVE-2026-56010
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk30th percentile — higher than 30% of all known CVEs
Summary
The vulnerability in the Abandoned Cart Pro plugin for WooCommerce version 10.4.0 and below allows subscribers to escalate privileges. An attacker can exploit this flaw to gain unauthorized access to administrative functions.
Risk Assessment
The risk involves potential takeover of the WooCommerce store by an unprivileged user, leading to customer data theft, product modification, or system integrity compromise.
Recommendation
It is recommended to immediately update the Abandoned Cart Pro plugin to a version newer than 10.4.0. Also review user permissions and restrict access to sensitive functions.
Original NVD description (English source)
Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce <= 10.4.0 versions.

