Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools < 7.11.3 – Missing Authorization | CVE 2026-32586 | Plugin Vulnerabilities

Description

The Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to 7.11.3 (exclusive). This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

woocommerce-jetpack

Fixed in 7.11.3

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/1ec5edef-cd51-4321-91bb-d1bfce58cd45

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Nguyen Ba Khanh

Verified

No

WPVDB ID

51f0cf0c-03fe-44d3-9db7-64d01c9754e0

Timeline

Publicly Published

2026-03-17 (about 3 months ago)

Added

2026-03-27 (about 2 months ago)

Last Updated

2026-03-27 (about 2 months ago)

Other

Published

Title

Published

2025-12-15

Title

LearnPress – WordPress LMS Plugin < 4.3.2 - Missing Authorization to Unauthenticated Orders Statistics Exposure

Published

2024-04-05

Title

Bricksforge < 2.1.1 - Missing Authorization to Unauthenticated WordPress Settings Deletion

Published

2026-05-01

Title

Paid Memberships Pro < 3.6.6 - Missing Authorization to Authenticated (Subscriber+) Stripe Webhook Deletion and Payment Processing Disruption

Published

2026-02-19

Title

Ally < 4.0.3 - Missing Authorization

Published

2023-09-22

Title

Ad Inserter – Ad Manager & AdSense Ads < 2.7.31 - Unauthenticated Sensitive Information Exposure