Unauthenticated Access Control Flaw in Montonio for WooCommerce by Patchstack
CVE-2026-48873

7.5HIGH

Key Information:

Vendor: WordPress
Status: Montonio For WooCommerce
Vendor: CVE Published:; 15 June 2026

What is CVE-2026-48873?

The Montonio plugin for WooCommerce exhibits a serious unauthorized access issue that allows attackers to potentially manipulate data and settings without proper authentication. This vulnerability affects users on all versions up to and including 10.1.2. By exploiting this flaw, attackers may gain unauthorized access to sensitive information and functionalities within the e-commerce platform.

Affected Version(s)

Montonio for WooCommerce <= 10.1.2

References

https://patchstack.com/database/wordpress/plugin/montonio...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2026
Vulnerability Reserved
May 25, 2026

Credit

Niv Kochan | Patchstack Bug Bounty Program

CVE-2026-48873 Data

JSON

WordPress

What is CVE-2026-48873?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit