CVE-2026-32441
Received Received - Intake
Missing Authorization in WebToffee Comments Import & Export Plugin

Publication date: 2026-03-25

Last updated on: 2026-04-29

Assigner: Patchstack

Description
Missing Authorization vulnerability in WebToffee Comments Import & Export comments-import-export-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comments Import & Export: from n/a through <= 2.4.9.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-03-25
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32441
EUVD
EUVD-2026-15821
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
webtoffee comments_import_export to 2.4.9 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Missing Authorization issue in the WebToffee Comments Import & Export plugin for WooCommerce. It allows attackers to exploit incorrectly configured access control security levels, meaning that unauthorized users might gain access to functionality or data they should not be able to access.

Compliance Impact

The provided information does not specify how the CVE-2026-32441 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

The vulnerability arises from missing authorization checks in the Comments Import & Export plugin, allowing subscriber-level users to perform unauthorized actions. Detection involves monitoring for unauthorized access attempts or actions performed by low-privileged users that should require higher privileges.

While specific commands are not provided, detection can include reviewing web server logs for suspicious POST or GET requests targeting the plugin's import/export functions, especially those initiated by subscriber-level accounts.

Additionally, using security monitoring tools that detect broken access control attempts or unusual privilege escalations related to the plugin can help identify exploitation attempts.

Mitigation Strategies

The primary mitigation step is to update the Comments Import & Export plugin to version 2.5.0 or later, where the vulnerability has been patched.

Until the update can be applied, applying the immediate mitigation rule provided by Patchstack to block attacks targeting this vulnerability is recommended.

Additionally, enabling continuous security monitoring and automatic updates for vulnerable plugins can help protect affected sites from exploitation.

Impact Analysis

The impact of this vulnerability could include unauthorized access to comment import and export features, potentially allowing attackers to manipulate, export, or import comments without proper permissions. This could lead to data integrity issues or exposure of sensitive information.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32441. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart