CVE-2026-57633
MediumCVSS 5.3Summary
The WCBoost – Products Compare plugin in versions 1.1.0 and below allows unauthenticated users to access sensitive data. This vulnerability stems from a lack of proper security on API endpoints or pages that display confidential information.
Risk Assessment
An unauthenticated attacker can gain access to data such as product details, comparison configurations, or other sensitive information stored by the plugin, potentially leading to data leakage and privacy breaches.
Recommendation
Immediately update the WCBoost – Products Compare plugin to the latest available version that fixes this vulnerability. If an update is not possible, temporarily disable the plugin until a patch is released.
Original NVD description (English source)
Unauthenticated Sensitive Data Exposure in WCBoost – Products Compare <= 1.1.0 versions.

