What the vulnerability does
01Description
The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in versions up to, and including, 4.2.3. This is due to the plugin not properly validating a user's identity prior to updating their details like email during customer profile synchronization from webhook events. This makes it possible for unauthenticated attackers to change linked user's email addresses, including administrators if the administrator account is linked to a SureCart customer record, and leverage that to reset the user's password and gain access to their account if the customer ID is known.
Explanation of Vulnerability in Simple Terms
02Summary
SureCart versions up to 4.2.3 contain a vulnerability that allows an attacker to read sensitive data, modify site content, or disrupt service availability. The attack requires network access and high technical complexity but no authentication or user interaction. This affects the core ecommerce functionality and could compromise customer data or payment information.
What an attacker can do
03Attacker Capabilities
Read sensitive data, modify site content, or disrupt service availability without authentication.
Potential impact on your site
04Site Impact
Customer data, payment information, and site integrity may be compromised; service availability may be disrupted.
Conditions required to exploit
05Prerequisites
Network access and high technical complexity to exploit; no authentication or user interaction required.
Key dates
06Disclosure timeline
July 11, 2026
CVE published