Unauthenticated Access Control Flaw in WooCommerce POS by WooCommerce
CVE-2026-52711

7.5HIGH

Key Information:

Vendor

WordPress
Status
WooCommerce Pos
Vendor
CVE Published:
16 June 2026

What is CVE-2026-52711?

An unauthenticated access control vulnerability exists in WooCommerce POS versions up to 1.8.14, allowing unauthorized users to potentially access sensitive system functions. This flaw arises from insufficient checks on user permissions, permitting exploitation opportunities for unauthorized actions, which could compromise user data and site integrity.

Affected Version(s)

WooCommerce POS <= 1.8.14

References

https://patchstack.com/database/wordpress/plugin/woocomme...
vdb-entry

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nguyen Ba Khanh | Patchstack Bug Bounty Program
.