{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25419", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-02-02T12:53:26.262Z", "datePublished": "2026-02-19T08:27:06.818Z", "dateUpdated": "2026-04-28T16:14:58.592Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "checkout-upsell-and-order-bumps", "product": "UpsellWP", "vendor": "flycart", "versions": [{"lessThanOrEqual": "2.2.5", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Rapid0nion | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:05:09.692Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects UpsellWP: from n/a through <= 2.2.5.</p>"}], "value": "Missing Authorization vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UpsellWP: from n/a through <= 2.2.5."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:58.592Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/checkout-upsell-and-order-bumps/vulnerability/wordpress-upsellwp-plugin-2-2-3-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress UpsellWP plugin <= 2.2.5 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-19T19:24:16.791847Z", "id": "CVE-2026-25419", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T13:25:48.459Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-25419", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-19T19:24:16.791847Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-19T19:24:08.808Z"}}], "cna": {"title": "WordPress UpsellWP plugin <= 2.2.3 - Broken Access Control vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Rapid0nion | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "affected": [{"vendor": "flycart", "product": "UpsellWP", "versions": [{"status": "affected", "version": "n/a", "versionType": "custom", "lessThanOrEqual": "<= 2.2.3"}], "packageName": "checkout-upsell-and-order-bumps", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-02-19T09:25:52.110Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/checkout-upsell-and-order-bumps/vulnerability/wordpress-upsellwp-plugin-2-2-3-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UpsellWP: from n/a through <= 2.2.3.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects UpsellWP: from n/a through <= 2.2.3.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-02-19T08:27:06.818Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25419", "state": "PUBLISHED", "dateUpdated": "2026-02-19T19:27:51.785Z", "dateReserved": "2026-02-02T12:53:26.262Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-02-19T08:27:06.818Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UpsellWP: from n/a through <= 2.2.5."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en flycart UpsellWP checkout-upsell-and-order-bumps permite la explotaci\u00f3n de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a UpsellWP: desde n/a hasta &lt;= 2.2.3."}], "id": "CVE-2026-25419", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-19T09:16:23.597", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/checkout-upsell-and-order-bumps/vulnerability/wordpress-upsellwp-plugin-2-2-3-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.2.3]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "UpsellWP", "source": "cna", "vendor": "flycart"}, "product": "upsellwp", "vendor": "flycart"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-16T00:14:21.362954+00:00", "value": {"mitigation_remediation": ["Upgrade the UpsellWP plugin to the latest available version that addresses the broken access control flaw.", "Verify that the plugin is not exposed beyond administrative users and that proper role permissions are enforced.", "If an upgrade cannot be applied immediately, remove or disable the plugin from the WordPress installation to eliminate the attack surface."], "summary": {"action": "Patch/Upgrade", "impact": "Unauthorized Access"}, "threat_synthesis": {"affected_systems": "This vulnerability affects WordPress sites that have the UpsellWP plugin version 2.2.5 or earlier. The plugin is distributed by flycart under the UpsellWP name. No specific WordPress core versions are mentioned, so the flaw exists whenever the affected plugin is installed on any supported WordPress installation.", "description_and_impact": "The UpsellWP checkout\u2011upsell\u2011and\u2011order\u2011bumps plugin contains a missing authorization flaw that lets attackers exploit incorrectly configured access control security levels. The flaw could allow a user without proper permissions to reach protected functions, potentially manipulating orders, modifying pricing settings, or viewing sensitive order details. The vulnerability is classified as CWE\u2011862, indicating a missing authorization issue.", "risk_and_exploitability": "The CVSS score of 4.3 suggests moderate risk. The EPSS score of less than 1% indicates that exploitation is considered unlikely at the moment. The vulnerability is not listed in CISA\u2019s KEV catalog. The likely attack vector is through the plugin's web interface, as the flaw stems from improperly enforced access control. An attacker would need to target a site using the vulnerable plugin and exploit the accessible endpoints to gain unauthorized access."}}}}, "created": "2026-02-20T10:08:19.727622+00:00", "updated": "2026-04-16T00:15:18.642968+00:00", "vendors": ["flycart", "flycart$PRODUCT$upsellwp", "wordpress", "wordpress$PRODUCT$wordpress"]}