cbcvebase.
CVE-2026-1000
published 2026-01-16

CVE-2026-1000: The MailerLite - WooCommerce integration plugin for WordPress is vulnerable to unauthorized data modification and deletion in all versions up to, and…

PriorityP339medium6.5CVSS 3.1
AVNACLPRLUINSUCNIHAN
EPSS
0.28%
19.9th percentile
The MailerLite - WooCommerce integration plugin for WordPress is vulnerable to unauthorized data modification and deletion in all versions up to, and including, 3.1.3. This is due to missing capability checks on the resetIntegration() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset the plugin's integration settings, delete all plugin options, and drop the plugin's database tables (woo_mailerlite_carts and woo_mailerlite_jobs), resulting in complete loss of plugin data including customer abandoned cart information and sync job history.

Affected

1 ranges
VendorProductVersion rangeFixed in
mailerlitemailerlite_woocommerce_integration<= 3.1.3

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.