Lucene search
K

31 matches found

Nuclei
Nuclei
added yesterday16 views

Hippoo Mobile App for WooCommerce <= 1.9.4 - Authentication Bypass to Admin Account Takeover

Hippoo Mobile App for WooCommerce WordPress plugin = 1.9.4 contains an authentication bypass caused by logic conflation in user permission checks, letting unauthenticated attackers take over administrator accounts via REST API password reset. id: CVE-2026-10580 info: name: Hippoo Mobile App for...

9.8CVSS5.9AI score0.02841EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday14 views

Hippoo Mobile App for WooCommerce <= 1.7.1 - Unauthenticated Arbitrary File Read

The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to and including 1.7.1 via the templateredirect function. The plugin registers 'hippooserve' as a WordPress query variable and uses it to serve PWA files from the pwa/ directory. In...

7.5CVSS6AI score0.02056EPSS
Exploits0References3
NVD
NVD
added 2026/06/15 9:17 p.m.13 views

CVE-2026-49065

Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce = 1.9.5 versions...

8.2CVSS0.00237EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:19 p.m.6 views

CVE-2026-49065 WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce = 1.9.5 versions...

8.2CVSS5.1AI score0.00237EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:19 p.m.29 views

CVE-2026-49065 WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce = 1.9.5 versions...

8.2CVSS0.00237EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:19 p.m.9 views

EUVD-2026-36872

Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce = 1.9.5 versions...

8.2CVSS5.1AI score0.00237EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:19 p.m.18 views

CVE-2026-49065

The CVE applies to WordPress Hippoo Mobile App for WooCommerce plugin versions

8.2CVSS5.1AI score0.00237EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49502

Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce = 1.9.5 versions...

8.2CVSS5.1AI score0.00237EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 12:31 a.m.11 views

EUVD-2026-36358

Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4...

9.8CVSS5.4AI score0.00514EPSS
Exploits1References2
NVD
NVD
added 2026/06/11 10:16 p.m.12 views

CVE-2026-49060

Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4...

9.8CVSS0.00514EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/11 9:2 p.m.31 views

CVE-2026-49060 WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.4 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4...

9.8CVSS0.00514EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/11 9:2 p.m.11 views

CVE-2026-49060 WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.4 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4...

9.8CVSS5.2AI score0.00514EPSS
Exploits1References1
CVE
CVE
added 2026/06/11 9:2 p.m.64 views

CVE-2026-49060

The CVE-2026-49060 entry concerns the WordPress plugin Hippoo Mobile App for WooCommerce. Affected: Hippoo Mobile App for WooCommerce plugin versions up to 1.9.4. Issue: Incorrect Privilege Assignment leading to Privilege Escalation. Impact: high risk across confidentiality, integrity, and availa...

9.8CVSS5.4AI score0.00514EPSS
In wildExploits1References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.18 views

PT-2026-48785

Name of the Vulnerable Software and Affected Versions Hippoo Mobile App for WooCommerce versions prior to 1.9.5 Description Incorrect Privilege Assignment in the software allows for Privilege Escalation, a condition where a user can gain higher levels of access or permissions than intended...

9.8CVSS5.2AI score0.00514EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.14 views

WordPress plugin Hippoo Mobile App for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

9.8CVSS5.4AI score0.00514EPSS
Exploits1References1
Patchstack
Patchstack
added 2026/06/09 9:25 a.m.11 views

WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.4 - Unauthenticated Authentication Bypass to Administrator Account Takeover vulnerability

Unauthenticated Authentication Bypass to Administrator Account Takeover vulnerability discovered by Mitchell in WordPress Plugin Hippoo Mobile App for WooCommerce versions = 1.9.4...

9.8CVSS5.5AI score0.02841EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/06/08 1:43 p.m.9 views

WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by manop55555 in WordPress Plugin Hippoo Mobile App for WooCommerce versions = 1.9.5...

8.2CVSS5.4AI score0.00237EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/08 12:53 p.m.11 views

WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.4 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by ParkHyunWoo in WordPress Plugin Hippoo Mobile App for WooCommerce versions = 1.9.4...

9.8CVSS5.5AI score0.00514EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.15 views

CVE-2026-10580

The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to and including 1.9.4. This is due to a logic conflation in HippooPermissions::getuserpermissions, which returns the same null sentinel f...

9.8CVSS5.4AI score0.02841EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/05 6:31 p.m.13 views

CVE-2026-10580 Hippoo Mobile App for WooCommerce <= 1.9.4 - Unauthenticated Authentication Bypass to Administrator Account Takeover via REST API

The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to and including 1.9.4. This is due to a logic conflation in HippooPermissions::getuserpermissions, which returns the same null sentinel f...

9.8CVSS5.4AI score0.02841EPSS
Exploits1References9
Rows per page
Query Builder