CVE-2026-42654

WordPress Wallet System for WooCommerce plugin <= 2.7.5 - Broken Authentication vulnerability

CVSS 7.1 HIGHEPSS 0.2%CWE-288

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7.1EPSS 0.2%KEV nãoPoC —Patch —

Ciclo de vida

02 jun 2026Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System for WooCommerce: from n/a through 2.7.5.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Productos afectados

WP Swings · Wallet System for WooCommerce

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://patchstack.com/database/wordpress/plugin/wallet-system-for-woocommerce/vulnerability/wordpress-wallet-system-for-woocommerce-plugin-2-7-5-broken-authentication-vulnerability?_s_id=cve