CVE Catalog

CVE-2026-57341

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

17th percentile — higher than 17% of all known CVEs

Summary

The Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin version 2.9.0 and below contains an unauthenticated Insecure Direct Object References (IDOR) vulnerability. This allows an attacker without authentication to access sensitive data or operations by manipulating object identifiers.

Risk Assessment

The risk involves unauthorized access to order data, customer information, or shipping configuration, potentially leading to leakage of business information and privacy breaches.

Recommendation

It is recommended to immediately update the plugin to the latest available version that fixes this vulnerability. Also review access logs for suspicious requests.

Original NVD description (English source)

Unauthenticated Insecure Direct Object References (IDOR) in Colissimo Officiel : Méthodes de livraison pour WooCommerce <= 2.9.0 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS