CVE-2026-1128

Medium CVSS: 4.3

The WP eCommerce WordPress plugin through 3.15.1 does not have CSRF check in place when deleting coupons, which could allow attackers to make a logged in admin remove them via a CSRF attack

Vendor

Product

CWE

CWE-352

Yayın Tarihi

2026-03-06 06:15:57

Güncelleme

2026-03-09 13:36:08

Source Identifier

contact@wpscan.com

KEV Date Added

Kategoriler

CWE-352 MEDIUM 2026

Referanslar

https://wpscan.com/vulnerability/35010d36-f985-4121-b7ee-c97edf724a7f/