CVE Catalog

CVE-2026-57633

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Summary

The WCBoost – Products Compare plugin in versions 1.1.0 and below allows unauthenticated users to access sensitive data. This vulnerability stems from a lack of proper security on API endpoints or pages that display confidential information.

Risk Assessment

An unauthenticated attacker can gain access to data such as product details, comparison configurations, or other sensitive information stored by the plugin, potentially leading to data leakage and privacy breaches.

Recommendation

Immediately update the WCBoost – Products Compare plugin to the latest available version that fixes this vulnerability. If an update is not possible, temporarily disable the plugin until a patch is released.

Original NVD description (English source)

Unauthenticated Sensitive Data Exposure in WCBoost &#8211; Products Compare <= 1.1.0 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS