CVE-2026-7655 - SureCart <= 4.2.3 - Unauthenticated Linked WordPress Account Takeover via Forged customer.updated Webhook
CVE ID :CVE-2026-7655 Published : July 11, 2026, 6:16 a.m. | 16 minutes ago Description :The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in versions up to, and including, 4.2.3. This is due to the plugin not properly validating a user's identity...