WordPress Plugin Vulnerabilities

Live sales notification for WooCommerce <= 2.3.47 - Missing Authorization

Description

The plugin is vulnerable to unauthorized access due to a missing capability check on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
live-sales-notifications-for-woocommerce
No known fix

References

CVE
CVE-2026-27066
URL
https://patchstack.com/database/Wordpress/Plugin/live-sales-notifications-for-woocommerce/vulnerability/wordpress-live-sales-notification-for-woocommerce-plugin-2-3-44-broken-access-control-vulnerability

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Athiwat Tiprasaharn (Jitlada)
Verified
No
WPVDB ID
f6f636e9-dbbb-4e67-94d5-8f59326098ac

Timeline

Publicly Published
2026-01-11 (about 4 months ago)
Added
2026-02-26 (about 2 months ago)
Last Updated
2026-03-03 (about 2 months ago)

Other

Published
Title
Published
2026-02-18
Title
Book Landing Page < 1.2.8 - Missing Authorization
Published
2023-11-07
Title
BadgeOS <= 3.7.1.6 - Missing Authorization
Published
2025-12-23
Title
Dreamer Blog <= 1.2 - Subscriber+ Arbitrary Plugin Installation
Published
2025-01-03
Title
WPvivid Backup and Migration < 0.9.107 - Missing Authorization
Published
2022-05-27
Title
Plausible Analytics < 1.2.4 - Subscriber+ Arbitrary Settings Update