CVE-2026-7655 in SureCart Pluginالمعلومات

الملخص

بحسب MITRE • 11/07/2026

The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in versions up to, and including, 4.2.3. This is due to the plugin not properly validating a user's identity prior to updating their details like email during customer profile synchronization from webhook events. This makes it possible for unauthenticated attackers to change linked user's email addresses, including administrators if the administrator account is linked to a SureCart customer record, and leverage that to reset the user's password and gain access to their account if the customer ID is known.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

مسؤول

Wordfence

حجز

01/05/2026

إفشاء

11/07/2026

الاعتدال

تمت الموافقة

إدخال

VDB-377753

EPSS

0.00000

KEV

لا

النشاطات

منخفض

القطاع

Hostingprovider

المصادر

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!