SQL Injection Vulnerability in Cargo Shipping Location for WooCommerce
CVE-2026-54815

9.3CRITICAL

Key Information:

Vendor: WordPress
Status: Cargo Shipping Location For WooCommerce
Vendor: CVE Published:; 17 June 2026

What is CVE-2026-54815?

An SQL Injection vulnerability exists in the Cargo Shipping Location for WooCommerce plugin, enabling attackers to execute malicious SQL statements. This flaw could allow unauthorized access to sensitive database information, potentially compromising the integrity and security of affected WordPress sites. Users of versions from n/a through 5.6 are at risk and should consider immediate updates to ensure protection.

Affected Version(s)

Cargo Shipping Location for WooCommerce <= 5.6

References

https://patchstack.com/database/wordpress/plugin/cargo-sh...

vdb-entry

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2026
Vulnerability Reserved
Jun 16, 2026

Credit

Benedictus Jovan (aillesim/eneri) | Patchstack Bug Bounty Program

CVE-2026-54815 Data

JSON