CVE-2026-3589 | Automattic WooCommerce Plugin up to 10.5.2 on WordPress WC REST Endpoint cross-site request forgery

Inserito da Angelo Barbosa | Mar 6, 2026 | CVE

A vulnerability was found in Automattic WooCommerce Plugin on WordPress and classified as problematic. This issue affects some unknown processing of the component WC REST Endpoint. Such manipulation leads to cross-site request forgery.

This vulnerability is referenced as CVE-2026-3589. It is possible to launch the attack remotely. No exploit is available.

It is suggested to upgrade the affected component.

CVE-2026-3589 | Automattic WooCommerce Plugin up to 10.5.2 on WordPress WC REST Endpoint cross-site request forgery

Post correlati

CVE-2025-41714 | Welotec SmartEMS Web Application up to 3.3.5 Request Header Upload-Key path traversal (VDE-2025-085)

CVE-2024-8947 | MicroPython 1.22.2 py/objarray.c use after free (Issue 13283)

CVE-2023-42757 | Process Explorer prior 17.04 Error denial of service

CVE-2026-3293 | snowflakedb snowflake-jdbc up to 4.0.1 JDBC URL SdkProxyRoutePlanner.java SdkProxyRoutePlanner nonProxyHosts redos (Issue 2505)