Missing Authorization Vulnerability in JTL-Connector for WooCommerce Plugin by WordPress
CVE-2026-9234

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Jtl-connector For WooCommerce
Vendor: CVE Published:; 2 June 2026

What is CVE-2026-9234?

The JTL-Connector for WooCommerce plugin for WordPress suffers from a security flaw that lacks proper capability checks and nonce verification. This vulnerability, present in versions up to and including 2.4.1, allows authenticated users with Subscriber-level or higher access to execute unauthorized actions. Attackers can exploit this issue to alter plugin settings, download sensitive developer log files, and even delete these logs, potentially compromising the security and integrity of the WordPress site.

Affected Version(s)

JTL-Connector for WooCommerce 0 <= 2.4.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/woo-jtl-connec...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2026
Vulnerability Reserved
May 21, 2026

Credit

Muhan Luo

CVE-2026-9234 Data

JSON