Privilege Escalation in Hippoo Mobile App for WooCommerce (≤ 1.9.4)

critical-cve-against-dependency · active

A critical privilege escalation vulnerability (CVE-2026-49060) affects the Hippoo Mobile App for WooCommerce WordPress plugin in all versions up to and including 1.9.4. Due to incorrect privilege assignment, an attacker may be able to gain elevated privileges on affected sites.

Affected packages

• packagisthippoo-mobile-app-for-woocommerceupgrade to ≥ 1.9.5

Sources

• ghsahttps://github.com/advisories/GHSA-mh6m-7983-2r5w
• nvdhttps://nvd.nist.gov/vuln/detail/CVE-2026-49060
• google-searchhttps://patchstack.com/database/wordpress/plugin/hippoo/vulnerability/wordpress-hippoo-mobile-app-for-woocommerce-plugin-1-9-4-privilege-escalation-vulnerability?_s_id=cve