CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2026-39583

CVSS 9.8v3.1pub. 2026-06-15

Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery <= 2.6.62 versions.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-266 (Incorrect Privilege Assignment) involves improper privilege assignment in the plugin. An unauthenticated attacker can invoke a specific plugin functionality, which results in granting them higher privileges than they should have. The lack of access control mechanisms allows the attack to be conducted remotely without user interaction.

Impact

An attacker can obtain elevated privileges in the WordPress system, which in practice may mean taking control of the website, modifying content, stealing data, or installing malicious software.

Mitigation & patch

The Datalogics Ecommerce Delivery plugin should be updated to a version higher than 2.6.62. Detailed information about the available patch is available in the vendor's references and in the Patchstack database.

Who is affected

WordPress Datalogics Ecommerce Delivery plugin in versions 2.6.62 and earlier

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
LPE
CWE
References