CVE-2026-49779 MEDIUM

CVE-2026-49779: WordPress Tax Exempt for WooCommerce plugin <= 1.9.3 - Path Traversal vulnerability

Vendor Addify
Product Tax Exempt for WooCommerce
Weakness CWE-35
Published July 2, 2026
Last update July 2, 2026

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Customer Path Traversal in Tax Exempt for WooCommerce <= 1.9.3 versions.

Explanation of Vulnerability in Simple Terms

02Summary

Tax Exempt for WooCommerce versions up to 1.9.3 contain an information disclosure vulnerability. An authenticated attacker with low privileges can read sensitive data they should not have access to. The vulnerability requires network access but no user interaction. Update to a version newer than 1.9.3 to remediate.

What an attacker can do

03Attacker Capabilities

Read sensitive data (such as customer information or tax settings) without authorization.

Potential impact on your site

04Site Impact

Customer data or tax configuration details may be exposed to authenticated users with limited permissions.

Conditions required to exploit

05Prerequisites

Attacker must have a low-privilege WooCommerce account; network access required.

Key dates

06Disclosure timeline

July 2, 2026 CVE published

Related vulnerabilities

08Related CVE