Authentication Bypass Vulnerability in WP Swings Wallet System for WooCommerce
CVE-2026-42654

7.1HIGH

Key Information:

Vendor: WordPress
Status: Wallet System For WooCommerce
Vendor: CVE Published:; 2 June 2026

What is CVE-2026-42654?

The Wallet System for WooCommerce from WP Swings is subject to an authentication bypass vulnerability that can be exploited via a manipulated password recovery process. This flaw allows unauthorized access by bypassing normal authentication mechanisms, thereby exposing sensitive information and compromising the security of user accounts. Affected versions range from n/a up to 2.7.5, highlighting the urgency for users to update their installations to safeguard against potential attacks.

Affected Version(s)

Wallet System for WooCommerce <= 2.7.5

References

https://patchstack.com/database/wordpress/plugin/wallet-s...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2026
Vulnerability Reserved
Apr 29, 2026

Credit

Jakub Herman | Patchstack Bug Bounty Program

CVE-2026-42654 Data

JSON