CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2026-49060

CVSS 9.8v3.1pub. 2026-06-11upd. 2026-06-12

Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-266 (Incorrect Privilege Assignment) involves improper privilege assignment in the plugin's logic. An attacker can, without possessing any credentials, send a properly crafted request to the vulnerable endpoint and obtain a higher level of access than intended. The mechanism enables privilege escalation, which in a WordPress environment can mean taking over the administrator role.

Impact

An attacker can obtain elevated privileges in the WordPress application, potentially taking full control of the website, including access to WooCommerce store customer data and the ability to modify system configuration.

Mitigation & patch

The Hippoo Mobile App for WooCommerce plugin should be updated to a version higher than 1.9.4. Details regarding the available patch can be found in the manufacturer's references and in the Patchstack database.

Who is affected

WordPress plugin Hippoo Mobile App for WooCommerce in versions from its inception through 1.9.4 inclusive.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
LPE
CWE
References