Filtered by vendor Datalogics Ecommerce Delivery
Subscriptions
Filtered by product Datalogics Ecommerce Delivery
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2631 | 2 Datalogics Ecommerce Delivery, Wordpress | 2 Datalogics Ecommerce Delivery, Wordpress | 2026-03-12 | 9.8 Critical |
| The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an unauthenticated REST endpoint that allows any remote user to modify the option `datalogics_token` without verification. This token is subsequently used for authentication in a protected endpoint that allows users to perform arbitrary WordPress `update_option()` operations. Attackers can use this to enable registartion and to set the default role as Administrator. | ||||
Page 1 of 1.