CyberRota
← Ana sayfaya dön

CVE-2026-7655

HIGH · CVSS 8.1

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-11T06:16:10.657 · Çekilme zamanı: 2026-07-11T12:05:27.158887+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

CVE
CVE-2026-7655
Severity
HIGH
CVSS
8.1
EPSS
Yok
WordPress

Orijinal NVD Açıklaması

The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in versions up to, and including, 4.2.3. This is due to the plugin not properly validating a user's identity prior to updating their details like email during customer profile synchronization from webhook events. This makes it possible for unauthenticated attackers to change linked user's email addresses, including administrators if the administrator account is linked to a SureCart customer record, and leverage that to reset the user's password and gain access to their account if the customer ID is known.