CVE-2026-1128

MEDIUM 4.3

WP eCommerce <= 3.15.1 - Coupon Deletion via CSRF

CVSS Score

4.3

EPSS Score

0.0%

EPSS Percentile

3th

The WP eCommerce WordPress plugin through 3.15.1 does not have CSRF check in place when deleting coupons, which could allow attackers to make a logged in admin remove them via a CSRF attack

Vendor	unknown
Product	wp ecommerce
Published	Mar 6, 2026
Last Updated	Apr 2, 2026

Stay Ahead of the Next One

Get instant alerts for unknown wp ecommerce

Be the first to know when new medium vulnerabilities affecting unknown wp ecommerce are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / WP eCommerce

0 ≤ 3.15.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/35010d36-f985-4121-b7ee-c97edf724a7f/

Credits

Bob Matyas WPScan