VYPR

Ecommerce Delivery

by WordPress

CVEs (1)

  • CVE-2026-2631CriMar 11, 2026
    risk 0.64cvss 9.8epss 0.01

    The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an unauthenticated REST endpoint that allows any remote user to modify the option `datalogics_token` without verification. This token is subsequently used for authentication in a protected endpoint that…