Authentication Bypass Vulnerability in ZAYTECH Smart Online Order for Clover
CVE-2026-42745

7.3HIGH

Key Information:

Vendor: WordPress
Status: Smart Online Order For Clover
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-42745?

An authentication bypass vulnerability has been identified in the Smart Online Order for Clover platform developed by ZAYTECH. This flaw allows unauthorized users to gain access by utilizing an alternate path or channel, compromising the integrity of the system. The vulnerability affects versions up to 1.6.0, putting sensitive data at risk for those utilizing this online order system.

Affected Version(s)

Smart Online Order for Clover 0 <= 1.6.0

References

https://patchstack.com/database/Wordpress/Plugin/clover-o...

vdb-entry

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
Apr 29, 2026

Credit

she11f | Patchstack Bug Bounty Program

CVE-2026-42745 Data

JSON