A vulnerability was found in SureCart Plugin up to 4.2.3 on WordPress and classified as critical. Affected by this issue is some unknown functionality of the component Profile Synchronization. Executing a manipulation of the argument email can lead to improper synchronization.

This vulnerability is tracked as CVE-2026-7655. The attack can be launched remotely. No exploit exists.