CVE-2026-1000
BaseFortify

Publication date: 2026-01-16

Last updated on: 2026-01-16

Assigner: Wordfence

Description
The MailerLite - WooCommerce integration plugin for WordPress is vulnerable to unauthorized data modification and deletion in all versions up to, and including, 3.1.3. This is due to missing capability checks on the resetIntegration() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset the plugin's integration settings, delete all plugin options, and drop the plugin's database tables (woo_mailerlite_carts and woo_mailerlite_jobs), resulting in complete loss of plugin data including customer abandoned cart information and sync job history.
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-01-16
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
1 associated CPE
Vendor: mailerlite
Product: woo_mailerlite
Version / Range: 3.1.3 (the description covers all versions up to and including 3.1.3)
CWE-862 (Missing Authorization): The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
AI Powered Q&A
Can you explain this vulnerability to me?

The MailerLite - WooCommerce integration plugin for WordPress, in all versions up to and including 3.1.3, performs no capability check in its resetIntegration() function. In WordPress a capability check is what ties a privileged action to a role; without one, the function runs for whoever can reach its entry point, which here is any authenticated user with Subscriber-level access or above, the lowest default role. A WooCommerce store typically lets shoppers self-register low-privilege accounts, so the pool of possible attackers is every registered user, not just staff. With such an account an attacker can reset the plugin's integration settings, delete all plugin options and drop the plugin's database tables (woo_mailerlite_carts and woo_mailerlite_jobs), causing complete loss of plugin data including customer abandoned cart information and sync job history. [4]


How can this vulnerability impact me?

The impact is on integrity and availability rather than confidentiality: the attacker destroys data rather than reading it. A successful reset wipes the integration settings, all plugin options and the abandoned-cart and sync-job tables, so marketing automation stops, abandoned-cart recovery data and customer engagement history are lost, and any business process that relies on that data is disrupted until the integration is reconfigured and the data, where a backup exists, is restored. [4]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

The resetIntegration() function itself never appears in HTTP logs; what reaches the server is a request from an authenticated session to whichever plugin endpoint invokes it (the resources do not name the endpoint). Because any account with Subscriber-level access or above can trigger the reset, detection rests on auditing user actions and database state. Specific commands are not provided in the resources, but general approaches include:

1. Monitoring WordPress logs or an audit-log plugin for calls that reach resetIntegration, or for the plugin's options suddenly disappearing.
2. Checking that the plugin's tables still exist and still hold data. WordPress prefixes table names with the site's table prefix (wp_ by default), which is why a wildcard is needed, e.g. `SHOW TABLES LIKE '%woo_mailerlite_carts%';` and `SHOW TABLES LIKE '%woo_mailerlite_jobs%';`. An empty result set for either query on a site where the plugin was active is a strong sign that a reset was triggered.
3. Reviewing user activity logs for Subscriber-level (or WooCommerce customer) accounts performing unexpected administrative actions, and correlating their sessions with the time the tables or options vanished.

No explicit commands are given in the resources, but these methods align with the plugin's database structure and the nature of the vulnerability. [3, 4]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include:

1. Update the MailerLite - WooCommerce integration plugin to a version later than 3.1.3, in which the vulnerability is patched. The patch enforces authorization on sensitive functions such as resetIntegration(), so users without the required capability can no longer reset the integration.
2. Until the update is applied, shrink the pool of accounts that can reach the function. The flaw is that no capability is required at all, so trimming the capabilities of existing roles does not help; instead disable open registration if the store does not depend on it, and review or remove stale low-privilege accounts.
3. Monitor and audit user actions related to the plugin to detect unauthorized attempts.
4. If updating immediately is not possible, consider deactivating the plugin temporarily. Take a database backup first, covering the woo_mailerlite_carts and woo_mailerlite_jobs tables and the plugin's options, so that data can be restored if a reset has already occurred.
5. Review the security enhancements described in the patch: explicit authorization calls before sensitive actions, input sanitization, and capability checks (e.g., `current_user_can('manage_options')`). [1, 4]
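The capability check the patch description refers to, shown beside the unchecked handler it replaces, as an added illustrative example; this is not the MailerLite plugin's actual source. The hook name 'woo_ml_reset_integration', the option name 'woo_ml_settings' and both function names are assumptions; the table names and the current_user_can('manage_options') check come from this page.

```php
<?php
/**
 * Illustrative example, not the MailerLite - WooCommerce plugin's own code:
 * an AJAX reset handler with the missing-authorization defect described in
 * CVE-2026-1000, followed by a hardened version. Hook name, option name and
 * function names are hypothetical; the table names come from the advisory.
 */

// --- Vulnerable pattern (CWE-862). Shown for comparison; not registered. ---
// wp_ajax_* hooks fire for every authenticated user regardless of role, so
// registering a handler decides reachability, not authorization.
function woo_ml_reset_integration_vulnerable() {
    global $wpdb;
    // Destructive work with neither a capability check nor a nonce check:
    // any logged-in account that can reach the hook can run this.
    delete_option( 'woo_ml_settings' );
    $wpdb->query( "DROP TABLE IF EXISTS {$wpdb->prefix}woo_mailerlite_carts" );
    $wpdb->query( "DROP TABLE IF EXISTS {$wpdb->prefix}woo_mailerlite_jobs" );
    wp_send_json_success();
}

// --- Hardened pattern: the only handler actually registered. ---
add_action( 'wp_ajax_woo_ml_reset_integration', 'woo_ml_reset_integration_hardened' );

function woo_ml_reset_integration_hardened() {
    // 1. CSRF protection: the request must carry a nonce issued for this
    //    action. check_ajax_referer() terminates the request if the nonce is
    //    missing or invalid.
    check_ajax_referer( 'woo_ml_reset_integration', 'nonce' );

    // 2. Authorization: only users allowed to manage site options may reset
    //    the integration. Subscriber, Contributor, Author, Editor and the
    //    WooCommerce Customer role all lack manage_options and are refused.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    global $wpdb;
    delete_option( 'woo_ml_settings' );
    $wpdb->query( "DROP TABLE IF EXISTS {$wpdb->prefix}woo_mailerlite_carts" );
    $wpdb->query( "DROP TABLE IF EXISTS {$wpdb->prefix}woo_mailerlite_jobs" );
    wp_send_json_success( array( 'message' => 'Integration reset.' ) );
}

// The admin settings page emits the matching nonce so the legitimate
// request passes check_ajax_referer():
//   wp_nonce_field( 'woo_ml_reset_integration', 'nonce' );
```

The page states that the fix adds capability checks; whether the plugin's actual patch also adds a nonce is not stated here. The two checks answer different questions (who the user is, and whether the user intended this request), so a hardened destructive handler needs both.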


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability lets an authenticated attacker with Subscriber-level access reset integration settings, delete plugin options and drop the plugin's database tables, destroying customer abandoned-cart records and sync-job history. It is a loss of integrity and availability rather than a disclosure: no data leaves the site, but data about customers is unlawfully destroyed. Under GDPR that still qualifies as a personal data breach, since Article 4(12) covers unlawful destruction or loss of personal data as well as disclosure, and Article 32 expects controllers to protect the integrity and availability of their processing systems; loss of records that serve as audit trails can also affect obligations under other regimes. HIPAA applies only where the store processes protected health information, which an e-commerce plugin rarely does. The provided resources do not discuss compliance or data-protection obligations directly. [1, 3, 4]

