{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-39672", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-04-07T10:57:59.671Z", "datePublished": "2026-04-08T08:30:39.300Z", "dateUpdated": "2026-04-08T19:45:11.284Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "shiptime-discount-shipping", "product": "ShipTime: Discounted Shipping Rates", "vendor": "shiptime", "versions": [{"lessThanOrEqual": "1.1.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Legion Hunter | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-08T10:28:33.603Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Rates shiptime-discount-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects ShipTime: Discounted Shipping Rates: from n/a through <= 1.1.1.</p>"}], "value": "Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Rates shiptime-discount-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShipTime: Discounted Shipping Rates: from n/a through <= 1.1.1."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-08T08:30:39.300Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/shiptime-discount-shipping/vulnerability/wordpress-shiptime-discounted-shipping-rates-plugin-1-1-1-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress ShipTime: Discounted Shipping Rates plugin <= 1.1.1 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-08T19:36:51.087395Z", "id": "CVE-2026-39672", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T19:45:11.284Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-39672", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-08T19:36:51.087395Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T19:15:41.346Z"}}], "cna": {"title": "WordPress ShipTime: Discounted Shipping Rates plugin <= 1.1.1 - Broken Access Control vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Legion Hunter | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "affected": [{"vendor": "shiptime", "product": "ShipTime: Discounted Shipping Rates", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.1.1"}], "packageName": "shiptime-discount-shipping", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-08T10:28:33.603Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/shiptime-discount-shipping/vulnerability/wordpress-shiptime-discounted-shipping-rates-plugin-1-1-1-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Rates shiptime-discount-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShipTime: Discounted Shipping Rates: from n/a through <= 1.1.1.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Rates shiptime-discount-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects ShipTime: Discounted Shipping Rates: from n/a through <= 1.1.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-08T08:30:39.300Z"}}}, "cveMetadata": {"cveId": "CVE-2026-39672", "state": "PUBLISHED", "dateUpdated": "2026-04-08T19:45:11.284Z", "dateReserved": "2026-04-07T10:57:59.671Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-04-08T08:30:39.300Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Rates shiptime-discount-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShipTime: Discounted Shipping Rates: from n/a through <= 1.1.1."}], "id": "CVE-2026-39672", "lastModified": "2026-04-08T20:16:26.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-08T09:16:38.687", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/shiptime-discount-shipping/vulnerability/wordpress-shiptime-discounted-shipping-rates-plugin-1-1-1-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.1.1]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "ShipTime: Discounted Shipping Rates", "source": "cna", "vendor": "shiptime"}, "product": "shiptime:_discounted_shipping_rates", "vendor": "shiptime"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-08T09:59:20.440550+00:00", "value": {"mitigation_remediation": ["Update the ShipTime: Discounted Shipping Rates plugin to the latest version (1.1.2 or later) if available; if a newer release does not exist, consider removing the plugin entirely.", "If removal is not feasible, disable the discounting feature or restrict access to the plugin\u2019s admin pages through additional role or capability checks.", "Review the active WordPress user roles and permissions to ensure that only trusted administrators have editing rights to shipping methods.", "Conduct an audit of shipping rate data for tampering or unexpected changes following a known vulnerability period.", "Monitor website logs for abnormal access patterns to the plugin\u2019s administrative endpoints and apply web application firewall rules to block suspicious requests."], "summary": {"action": "Patch Immediately", "impact": "Privilege Escalation via Unauthorized Access to Shipping Rate Management"}, "threat_synthesis": {"affected_systems": "Any WordPress installation that has the ShipTime: Discounted Shipping Rates plugin version 1.1.1 or earlier. The plugin is identified under the vendor product shiptime:ShipTime: Discounted Shipping Rates. No specific OS or WordPress core version constraints are noted; the issue lies solely in the plugin code. The affected range includes all builds from the earliest available version up to and including 1.1.1.", "description_and_impact": "The vulnerability is a missing authorization flaw that allows users with insufficient permissions to manipulate shipping rates in the ShipTime: Discounted Shipping Rates plugin. Because the plugin fails to enforce proper access control, an attacker could add, modify, or delete discount rules, resulting in financial loss or billing inaccuracies. The weakness aligns with CWE-862, indicating a broken access control that can lead to data tampering and unauthorized privilege escalation.", "risk_and_exploitability": "The CVSS score is not supplied, and no EPSS value is available, so the exact numerical severity cannot be stated. However, the flaw is not included in the CISA Known Exploited Vulnerabilities catalog, suggesting no publicly documented exploit at this time. The likely attack vector is through Web interfaces exposed by the plugin; an attacker may access administrative endpoints without proper authentication or adequate privilege, as the access checks are omitted. Because the flaw is a direct authorization bypass, exploitation is straightforward once the plugin is present on a site."}}}}, "created": "2026-04-08T19:28:00.642360+00:00", "updated": "2026-04-08T19:41:03.926064+00:00", "vendors": ["shiptime", "shiptime$PRODUCT$shiptime:_discounted_shipping_rates", "wordpress", "wordpress$PRODUCT$wordpress"]}