Description
Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects PPOM for WooCommerce: from n/a through 33.0.18.
Published: 2026-06-25
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper access control flaw in the Themeisle PPOM for WooCommerce plugin. It stems from incorrectly configured security levels that allow attackers to bypass intended restrictions and perform actions they should not be able to, potentially compromising the confidentiality, integrity, or availability of the e‑commerce site.

Affected Systems

The flaw affects the PPOM for WooCommerce plugin distributed by Themeisle, impacting versions up through 33.0.18. Any installation of the plugin within this version range is susceptible, regardless of the broader WordPress environment.

Risk and Exploitability

With a CVSS score of 6.5, the risk is moderate. The EPSS score is not publicly available, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, an attacker would need to exploit the plugin’s misconfigured access controls, which may require some level of authenticated access within the WooCommerce ecosystem; however, the specific attack vector is not detailed in the advisory.

Generated by OpenCVE AI on June 25, 2026 at 15:43 UTC.

Remediation

Vendor Solution

Update the WordPress PPOM for WooCommerce Plugin to the latest available version (at least 34.0.0).

OpenCVE Recommended Actions

  • Upgrade the Themeisle PPOM for WooCommerce plugin to version 34.0.0 or newer according to the official vendor recommendation.
  • After upgrading, verify that all access control settings are correctly applied and that no elevated privileges remain assigned to untrusted users.
  • If the plugin is not essential to the site’s functionality, consider uninstalling it to eliminate the attack surface.

Generated by OpenCVE AI on June 25, 2026 at 15:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
First Time appeared Themeisle
Themeisle ppom For Woocommerce
Wordpress
Wordpress wordpress
Vendors & Products Themeisle
Themeisle ppom For Woocommerce
Wordpress
Wordpress wordpress

Thu, 25 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 25 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
Description Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through 33.0.18.
Title WordPress PPOM for WooCommerce plugin <= 33.0.18 - Broken Access Control vulnerability
Weaknesses CWE-284
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L'}

Subscriptions

Themeisle Ppom For Woocommerce
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-25T14:03:06.564Z

Reserved: 2026-06-18T14:37:51.351Z

Link: CVE-2026-56050

cve-icon Vulnrichment

Updated: 2026-06-25T14:03:03.432Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T00:00:13Z

Weaknesses