Authentication Bypass in WP Swings Subscriptions for WooCommerce
CVE-2026-24372

7.5HIGH

Key Information:

Vendor: WordPress
Status: Subscriptions For WooCommerce
Vendor: CVE Published:; 25 March 2026

What is CVE-2026-24372?

A security vulnerability exists in the WP Swings Subscriptions for WooCommerce plugin, which allows unauthorized users to bypass authentication checks. This flaw can be exploited through input data manipulation, potentially enabling attackers to access sensitive subscription functionalities without proper validation. Users are advised to update to the latest version of the plugin to mitigate this risk.

Affected Version(s)

Subscriptions for WooCommerce <= n/a

References

https://patchstack.com/database/Wordpress/Plugin/subscrip...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2026
Vulnerability Reserved
Jan 22, 2026

Credit

PPzzAArr | Patchstack Bug Bounty Program

CVE-2026-24372 Data

JSON

WordPress

What is CVE-2026-24372?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit