Unauthorized Modification and Data Loss in DHL eCommerce Plugin for WooCommerce
CVE-2026-9235
4.3MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 9 July 2026
What is CVE-2026-9235?
The DHL eCommerce (Benelux) plugin for WooCommerce contains vulnerabilities that allow authenticated users with Subscriber-level access and above to manipulate DHL shipping labels. Specifically, the create_label() and delete_label() functions lack necessary checks to validate user permissions. This oversight permits attackers to create or delete shipping labels associated with any WooCommerce order on the platform, thereby risking unauthorized modifications and potential data loss.
Affected Version(s)
DHL eCommerce (Benelux) for WooCommerce 0 <= 2.2.3