CVE-2026-61952 PUBLISHED

WordPress WooCommerce Bulk Edit Products – WP Sheet Editor plugin <= 1.8.21 - Broken Access Control vulnerability

Assigner: Patchstack
Reserved: 13.07.2026 Published: 13.07.2026 Updated: 13.07.2026

Missing Authorization vulnerability in Jose Vega WooCommerce Bulk Edit Products – WP Sheet Editor woo-bulk-edit-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Bulk Edit Products – WP Sheet Editor: from n/a through <= 1.8.21.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
CVSS Score: 4.9

Product Status

Vendor Jose Vega
Product WooCommerce Bulk Edit Products – WP Sheet Editor
Versions Default: unaffected
  • affected from 0 to 1.8.21 (incl.)

Credits

  • Ananda Dhakal (Patchstack) finder

References

Problem Types

  • Missing Authorization CWE

Impacts

  • Exploiting Incorrectly Configured Access Control Security Levels