Security Advisory

CVE-2026-3589

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-06 09:11:10

Last updated 2026-03-06 17:44:58

Assigner WPScan

State PUBLISHED

Description

The WooCommerce WordPress plugin from versions 5.4.0 to 10.5.2 does not properly handle batch requests, which could allow unauthenticated users to make a logged in admin call non store/WC REST endpoints, and create arbitrary admin users via a CSRF attack for example.

← Browse all CVEs View on cve.org ↗