CVE Catalog

CVE-2026-56013

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

14th percentile — higher than 14% of all known CVEs

Summary

The License Manager for WooCommerce plugin version 3.0.15 and earlier contains an unauthenticated Insecure Direct Object References (IDOR) vulnerability. This allows an attacker to access sensitive data without requiring authentication.

Risk Assessment

The risk involves unauthorized reading or modification of license data, potentially leading to a breach of confidentiality and integrity of the license management system.

Recommendation

It is recommended to immediately update the License Manager for WooCommerce plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Unauthenticated Insecure Direct Object References (IDOR) in License Manager for WooCommerce <= 3.0.15 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS