CVE-2026-56023

Publié : 25 juin 2026

Modifié : 25 juin 2026

Lien officiel NVD

Score CVSS

5.4

MEDIUM

Description détaillée

Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce <= 1.6.2 versions.

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Références et Patchs

https://patchstack.com/database/wordpress/plugin/upi-qr-code-payment-for-woocommerce/vulnerability/wordpress-upi-qr-code-payment-gateway-for-woocommerce-plugin-1-6-2-broken-access-control-vulnerability?_s_id=cve

Dernières Vulnérabilités

CVE-2026-9718

CWE-617 Reachable Assertion vulnerability exists that could allow an authenticated attacker to trigger a denial-of-service condition, impacting system availability when a specially crafted request is sent to a vulnerable network-exposed service.

VOIR DÉTAILS

CVE-2026-9717

CWE-78 Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow unauthorized execution of commands with elevated privileges, impacting system integrity, confidentiality, and availability when a privileged authenticated user interacts with a vulnerable network-exposed service.

VOIR DÉTAILS

CVE-2026-9716

CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces.

VOIR DÉTAILS