Authorization Bypass Vulnerability in WP Wham Checkout Files Upload by WordPress
CVE-2026-42725

6.5 MEDIUM

What is CVE-2026-42725?

An authorization bypass vulnerability in the WP Wham Checkout Files Upload plugin allows attackers to access resources without proper authorization because access control is incorrectly configured. The issue affects the Checkout Files Upload for WooCommerce plugin in versions up to 2.2.5 and could lead to unauthorized access to, and manipulation of, files that should be restricted.

Affected Version(s)

Checkout Files Upload for WooCommerce 0 <= 2.2.5

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

devploit | Patchstack Bug Bounty Program