Cross-Site Scripting in Min Max Step Quantity Limits Manager for WooCommerce
CVE-2026-39437

7.1HIGH

Key Information:

Vendor: WordPress
Status: Min Max Step Quantity Limits Manager For WooCommerce
Vendor: CVE Published:; 16 June 2026

What is CVE-2026-39437?

A vulnerability exists in the Min Max Step Quantity Limits Manager for WooCommerce that allows unauthenticated attackers to execute arbitrary JavaScript code within a user's browser session. This can lead to session hijacking, data theft, or other malicious activities by exploiting improper handling of input data in specific parameters of the plugin.

Affected Version(s)

Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2

References

https://patchstack.com/database/wordpress/plugin/product-...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2026
Vulnerability Reserved
Apr 7, 2026

Credit

hivesec | Patchstack Bug Bounty Program

CVE-2026-39437 Data

JSON