{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32586", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-03-12T11:12:57.709Z", "datePublished": "2026-03-17T08:24:13.299Z", "dateUpdated": "2026-04-01T16:00:45.860Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "woocommerce-jetpack", "product": "Booster for WooCommerce", "vendor": "Pluggabl", "versions": [{"changes": [{"at": "7.11.3", "status": "unaffected"}], "lessThanOrEqual": "7.11.3", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Nguyen Ba Khanh | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:44:06.931Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Booster for WooCommerce: from n/a through < 7.11.3.</p>"}], "value": "Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through < 7.11.3."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-01T16:00:45.860Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/woocommerce-jetpack/vulnerability/wordpress-booster-for-woocommerce-plugin-7-11-3-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Booster for WooCommerce plugin < 7.11.3 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-17T12:58:16.113686Z", "id": "CVE-2026-32586", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T12:58:30.886Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32586", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-17T12:58:16.113686Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T12:58:21.043Z"}}], "cna": {"tags": ["x_open-source"], "title": "WordPress Booster for WooCommerce plugin < 7.11.3 - Broken Access Control vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Nguyen Ba Khanh | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Pluggabl", "product": "Booster for WooCommerce", "versions": [{"status": "affected", "changes": [{"at": "7.11.3", "status": "unaffected"}], "version": "n/a", "lessThan": "7.11.3", "versionType": "custom"}], "packageName": "woocommerce-jetpack", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update the WordPress Booster for WooCommerce Plugin to the latest available version (at least 7.11.3).", "supportingMedia": [{"type": "text/html", "value": "Update the WordPress Booster for WooCommerce Plugin to the latest available version (at least 7.11.3).", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/woocommerce-jetpack/vulnerability/wordpress-booster-for-woocommerce-plugin-7-11-3-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Pluggabl Booster for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a before 7.11.3.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in Pluggabl Booster for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Booster for WooCommerce: from n/a before 7.11.3.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-17T08:24:13.299Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32586", "state": "PUBLISHED", "dateUpdated": "2026-03-17T12:58:30.886Z", "dateReserved": "2026-03-12T11:12:57.709Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-17T08:24:13.299Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through < 7.11.3."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Pluggabl Booster para WooCommerce permite la explotaci\u00f3n de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Booster para WooCommerce: desde n/d antes de 7.11.3."}], "id": "CVE-2026-32586", "lastModified": "2026-04-01T17:28:39.247", "metrics": {}, "published": "2026-03-17T09:16:14.440", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/woocommerce-jetpack/vulnerability/wordpress-booster-for-woocommerce-plugin-7-11-3-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,7.11.3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Booster for WooCommerce", "source": "cna", "vendor": "Pluggabl"}, "product": "booster_for_woocommerce", "vendor": "pluggabl"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-17T09:20:30.766256+00:00", "value": {"mitigation_remediation": ["Update the WordPress Booster for WooCommerce plugin to version 7.11.3 or newer.", "If an update cannot be performed immediately, restrict access to the plugin\u2019s administrative pages by configuring role\u2011based permissions or applying a web\u2011application firewall rule.", "Verify that the site\u2019s user roles and capabilities are correctly configured and review the plugin\u2019s documentation for additional security guidance."], "summary": {"action": "Patch", "impact": "Access Control Bypass"}, "threat_synthesis": {"affected_systems": "The affected product is the WordPress Booster for WooCommerce plugin, all versions prior to 7.11.3. Any WordPress site that has installed the plugin before the 7.11.3 release is potentially impacted.", "description_and_impact": "The vulnerability is a Missing Authorization flaw in the Pluggabl Booster for WooCommerce plugin that allows an attacker to exploit incorrectly configured access control security levels. This defect enables unauthorized access to functions or data that should be restricted, effectively bypassing the plugin\u2019s authorization checks. The weakness is identified as CWE-862 (Missing Authorization).", "risk_and_exploitability": "The CVSS score of 5.3 indicates a medium severity level. The EPSS score is not available, so the exact likelihood of exploitation cannot be quantified, but the vulnerability can be triggered via web requests to the plugin\u2019s endpoints without proper authorization checks. Because it is a remote web-based attack vector and the plugin is widely used, the risk is moderate. The vulnerability is not currently listed in the CISA KEV catalog."}}}}, "created": "2026-03-17T09:51:52.704439+00:00", "updated": "2026-03-24T10:49:30.856383+00:00", "vendors": ["pluggabl", "pluggabl$PRODUCT$booster_for_woocommerce", "wordpress", "wordpress$PRODUCT$wordpress"]}