CVE-2026-57341 MEDIUM

CVE-2026-57341: WordPress Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin <= 2.9.0 - Insecure Direct Object References (IDOR) vulnerability

Vendor Colissimo

Product Colissimo Officiel : Méthodes de livraison pour WooCommerce

Weakness CWE-639 · IDOR

Published June 29, 2026

Last update June 29, 2026

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

Unauthenticated Insecure Direct Object References (IDOR) in Colissimo Officiel : Méthodes de livraison pour WooCommerce <= 2.9.0 versions.

Explanation of Vulnerability in Simple Terms

02Summary

The Colissimo Officiel shipping plugin for WooCommerce versions up to 2.9.0 contains a vulnerability that allows unauthenticated attackers to modify data and disrupt service. The vulnerability requires no user interaction and can be exploited over the network. Site administrators should update to a version newer than 2.9.0 when available.

What an attacker can do

03Attacker Capabilities

Modify plugin data and disrupt service without authentication.

Potential impact on your site

04Site Impact

Attackers can alter shipping settings and cause service disruptions on your WooCommerce store.

Conditions required to exploit

05Prerequisites

Network access only; no authentication or user interaction required.

Key dates

06Disclosure timeline

June 29, 2026 CVE published

External resources

07References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-57341 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/639.html

Related vulnerabilities

Identifiers

CVE CVE-2026-57341

CWE CWE-639

CVSS 6.5 / MEDIUM

Affected versions