CVE-2026-24372
Authentication Bypass in WP Swings WooCommerce Subscriptions
Publication date: 2026-03-25
Last updated on: 2026-04-29
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wp_swings | subscriptions_for_woocommerce | to 1.8.10 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-290 | This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-24372 is an authentication bypass vulnerability in the WordPress plugin Subscriptions for WooCommerce, affecting versions up to and including 1.8.10.
This vulnerability allows an unauthenticated attacker to bypass certain code restrictions by manipulating input data, potentially enabling unauthorized actions without needing any additional privileges.
It is classified under OWASP Top 10 A4: Insecure Design and has a CVSS severity score of 7.5, indicating a moderate risk level.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to perform unauthorized actions within the Subscriptions for WooCommerce plugin by bypassing authentication mechanisms.
Since no additional privileges are required to exploit this issue, it increases the risk of unauthorized access or manipulation of subscription-related data or functionality.
However, the vulnerability is considered low priority by Patchstack due to its low severity impact and the unlikelihood of exploitation.
Users are strongly advised to update to version 1.9.0 or later to mitigate this risk.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update the WordPress Subscriptions for WooCommerce plugin to version 1.9.0 or later, where the issue is patched.
Additionally, Patchstack offers mitigation services including auto-updates for vulnerable plugins, which can help reduce risk.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of the CVE-2026-24372 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.