Access Control Configuration Flaw in SureCart by SureCart
CVE-2026-39488

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Surecart
Vendor: CVE Published:; 8 April 2026

What is CVE-2026-39488?

A Missing Authorization vulnerability exists in the SureCart plugin, which could allow attackers to exploit incorrectly configured access control security levels. This issue specifically affects SureCart versions up to and including 4.0.2, potentially exposing sensitive data and functionalities to unauthorized users. Proper configuration and timely updates are essential to mitigate such vulnerabilities.

Affected Version(s)

SureCart 0 <= 4.0.2

References

https://patchstack.com/database/Wordpress/Plugin/surecart...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2026
Vulnerability Reserved
Apr 7, 2026

Credit

Trương Hữu Phúc (truonghuuphuc) | Patchstack Bug Bounty Program

CVE-2026-39488 Data

JSON