CVE-2026-56010
Deferred - Pending Action
Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description
Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce <= 10.4.0 versions.
Meta Information
Published: 2026-06-26
Last Modified: 2026-06-26
Generated: 2026-06-26
AI Q&A: 2026-06-26
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor: patchstack
Product: woocommerce_abandoned_cart_pro
Version / Range: to 10.4.0 (inc)
CWE
CWE-266: A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Executive Summary

The WordPress Abandoned Cart Pro for WooCommerce plugin, versions 10.4.0 and earlier, contains a high-priority privilege escalation vulnerability (CVE-2026-56010).

This flaw allows attackers who have low-privileged accounts to escalate their access to higher privileges, potentially gaining full control over the affected website.

The vulnerability is categorized under OWASP Top 10 category A7, which relates to Identification and Authentication Failures.

Impact Analysis

Exploitation of this vulnerability can allow an attacker with limited access to escalate their privileges and potentially take full control of your website.

This can lead to unauthorized actions such as modifying website content, accessing sensitive data, or disrupting website operations.

Given the high CVSS score of 8.8, the risk of exploitation is significant, including the possibility of mass-exploit campaigns targeting thousands of websites.

Immediate mitigation actions include updating the plugin to version 10.4.1 or later, or applying available mitigation rules until an update can be performed.

Mitigation Strategies

To mitigate the privilege escalation vulnerability in Abandoned Cart Pro for WooCommerce versions 10.4.0 and earlier, you should immediately update the plugin to version 10.4.1 or later.

If updating the plugin is not possible right away, seek assistance from your hosting provider or web developer.

Additionally, Patchstack has issued a mitigation rule that can be applied to block attacks targeting this vulnerability until the plugin is updated.

Compliance Impact

The vulnerability allows attackers with low-privileged accounts to escalate their access to higher privileges, potentially gaining full control of the website. This kind of privilege escalation can lead to unauthorized access to sensitive data, which may impact compliance with standards and regulations such as GDPR and HIPAA that require strict access controls and protection of personal and health information.

Because the vulnerability falls under OWASP Top 10 category A7 (Identification and Authentication Failures), it highlights weaknesses in authentication and authorization mechanisms, which are critical for maintaining compliance with data protection regulations.

Immediate mitigation actions, such as updating the plugin or applying patches, are necessary to reduce the risk of non-compliance due to potential data breaches or unauthorized data access.
