CVE Catalog
CVE-2026-57632
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk0.28%
19th percentile — higher than 19% of all known CVEs
Summary
The Email Marketing for WooCommerce by Omnisend plugin in versions 1.19.0 and earlier contains a broken access control vulnerability exploitable by subscribers. A user with the subscriber role can gain unauthorized access to administrative functions.
Risk Assessment
The risk involves privilege escalation by a subscriber, potentially leading to unauthorized access to sensitive data or plugin functions.
Recommendation
It is recommended to immediately update the plugin to the latest available version that fixes this vulnerability.
Original NVD description (English source)
Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend <= 1.19.0 versions.

