CVE Catalog

CVE-2026-56010

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.38%

30th percentile — higher than 30% of all known CVEs

Summary

The vulnerability in the Abandoned Cart Pro plugin for WooCommerce version 10.4.0 and below allows subscribers to escalate privileges. An attacker can exploit this flaw to gain unauthorized access to administrative functions.

Risk Assessment

The risk involves potential takeover of the WooCommerce store by an unprivileged user, leading to customer data theft, product modification, or system integrity compromise.

Recommendation

It is recommended to immediately update the Abandoned Cart Pro plugin to a version newer than 10.4.0. Also review user permissions and restrict access to sensitive functions.

Original NVD description (English source)

Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce <= 10.4.0 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS