CVE-2026-57341
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk17th percentile — higher than 17% of all known CVEs
Summary
The Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin version 2.9.0 and below contains an unauthenticated Insecure Direct Object References (IDOR) vulnerability. This allows an attacker without authentication to access sensitive data or operations by manipulating object identifiers.
Risk Assessment
The risk involves unauthorized access to order data, customer information, or shipping configuration, potentially leading to leakage of business information and privacy breaches.
Recommendation
It is recommended to immediately update the plugin to the latest available version that fixes this vulnerability. Also review access logs for suspicious requests.
Original NVD description (English source)
Unauthenticated Insecure Direct Object References (IDOR) in Colissimo Officiel : Méthodes de livraison pour WooCommerce <= 2.9.0 versions.

