Unauthenticated Access Control Issue in Hippoo Mobile App for WooCommerce
CVE-2026-49065

8.2HIGH

Key Information:

Vendor: WordPress
Status: Hippoo Mobile App For WooCommerce
Vendor: CVE Published:; 15 June 2026

What is CVE-2026-49065?

The Hippoo Mobile App for WooCommerce versions up to 1.9.5 is susceptible to an unauthenticated broken access control vulnerability. This flaw allows attackers to access sensitive areas of the application without proper authorization, potentially leading to unauthorized actions and exposure of sensitive information. Websites using this application should take immediate action to review their security settings and consider upgrading to a patched version to mitigate risks.

Affected Version(s)

Hippoo Mobile App for WooCommerce <= 1.9.5

References

https://patchstack.com/database/wordpress/plugin/hippoo/v...

vdb-entry

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2026
Vulnerability Reserved
May 27, 2026

Credit

manop55555 | Patchstack Bug Bounty Program

CVE-2026-49065 Data

JSON