Missing Authorization Vulnerability in Wombat Plugins for WooCommerce
CVE-2026-32457

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: Advanced Product Fields (product Addons) For WooCommerce
Vendor: CVE Published:; 13 March 2026

What is CVE-2026-32457?

The Advanced Product Fields (Product Addons) for WooCommerce plugin by Wombat Plugins is susceptible to a missing authorization vulnerability, potentially allowing unauthorized users to exploit incorrectly configured access controls. The vulnerability affects versions up to and including 1.6.18, enabling attackers to bypass intended security measures, which could lead to unauthorized access to sensitive data and functionality. Website owners using affected versions are strongly advised to update their plugins to mitigate the risk associated with this vulnerability.

Affected Version(s)

Advanced Product Fields (Product Addons) for WooCommerce 0 <= 1.6.18

References

https://patchstack.com/database/Wordpress/Plugin/advanced...

vdb-entry

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 13, 2026
Vulnerability Reserved
Mar 12, 2026

Credit

timomangcut | Patchstack Bug Bounty Program

CVE-2026-32457 Data

JSON

WordPress

What is CVE-2026-32457?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit