VYPR

Hippoo

by WordPress

Source repositories

CVEs (4)

  • CVE-2026-49060CriJun 11, 2026
    risk 0.64cvss 9.8epss 0.01

    Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4.

  • CVE-2026-10580CriJun 5, 2026
    risk 0.57cvss 9.8epss 0.03

    The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to and including 1.9.4. This is due to a logic conflation in HippooPermissions::get_user_permissions(), which returns…

  • CVE-2026-49065HigJun 15, 2026
    risk 0.53cvss 8.2epss 0.00

    Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions.

  • CVE-2025-12655MedDec 12, 2025
    risk 0.34cvss 5.3epss 0.00

    The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to arbitrary file write via a missing authorization check in all versions up to, and including, 1.7.1. This is due to the REST API endpoint `/wp-json/hippoo/v1/wc/token/save_callback/{token_id}` being…