CVE-2026-57332 HIGH

CVE-2026-57332: WordPress Wallet System for WooCommerce plugin <= 2.7.6 - Broken Access Control vulnerability

Vendor: Wp Swings
Product: Wallet System for WooCommerce
Weakness: CWE-862 · Missing authorization
Published: June 29, 2026
Last update: June 29, 2026

CVSS base score

7.1/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: None
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

What the vulnerability does

01 Description

Broken access control exploitable by a subscriber-level user in Wallet System for WooCommerce versions <= 2.7.6.

Explanation of Vulnerability in Simple Terms

02 Summary

The Wallet System for WooCommerce plugin fails to properly check user permissions before allowing certain actions. A logged-in user with low privileges can modify wallet data or settings they should not have access to, potentially affecting site integrity and availability. Update to a version newer than 2.7.6.

What an attacker can do

03 Attacker Capabilities

Modify wallet data or settings without proper authorization as a low-privilege user.

Potential impact on your site

04 Site Impact

Unauthorized changes to wallet functionality, balances, or plugin settings; potential data corruption or service disruption.

Conditions required to exploit

05 Prerequisites

Attacker must have a low-privilege account on the site (e.g., customer or subscriber role).

Key dates

06 Disclosure timeline

June 29, 2026: CVE published