Vulnerabilities

CVE-2026-1000 - MailerLite - WooCommerce integration <= 3.1.3 - missing authorization to data del...

2026-01-16 0 views admin

CVE ID : CVE-2026-1000 Published : Jan. 16, 2026, 5:16 a.m. | 36 minutes ago Description : The MailerLite - WooCommerce integration plugin for WordPress is vulnerable to unauthorized data modification and deletion in all versions up to, and including, 3.1.3. This is due to missing capability checks on the resetIntegration() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset the plugin's integration settings, delete all plugin options, and drop the plugin's database tables (woo_mailerlite_carts and woo_mailerlite_jobs), resulting in complete loss of plugin data including customer abandoned cart information and sync job history. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-1000

Severity

MEDIUM

Published

Jan. 16, 2026

Affected Product: WordPress

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-1000mediumwordpress

CVE-2026-1000 - MailerLite - WooCommerce integration <= 3.1.3 - missing authorization to data del...

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-12006 - Supermicro BMC firmware update validation bypass

CVE-2025-14757 - Cost Calculator Builder <= 3.6.9 - missing authorization to unauthenticated paym...

CVE-2025-12007 - Supermicro BMC firmware update validation bypass

CVE-2025-14822 - DoS from quadratic complexity in model.ParseHashtags

Trending

Tech: Go-legacy-winxp: Compile Golang 1.24 code for Windows XP

Tech: Data is the only moat

Tech: Pocket TTS: A high quality TTS that gives your CPU a voice

Tech: AWS European Sovereign Cloud

Tech: JuiceFS is a distributed POSIX file system built on top of Redis and S3