CVE-2026-7655
WordPress · SureCart
The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover due to a weak password recovery mechanism.
Executive summary
A critical account takeover vulnerability in the SureCart plugin for WordPress allows unauthenticated attackers to escalate privileges and compromise user accounts.
Vulnerability
The plugin suffers from a weak password recovery mechanism (CWE-640). This allows an unauthenticated attacker to manipulate the recovery process to perform an account takeover.
Business impact
Successful exploitation allows an attacker to gain full control over any user account, including administrator accounts. This could lead to massive data breaches, financial fraud, and total loss of site control. Despite the High complexity (AC:H) noted in the CVSS vector, the potential for total account compromise justifies the 8.1 CVSS score and requires urgent attention.
Remediation
Immediate Action: Update the SureCart plugin to version 4.2.4 or higher to resolve the password recovery flaw.
Proactive Monitoring: Monitor site logs for unusual password reset requests or multiple failed authentication attempts originating from suspicious IP addresses.
Compensating Controls: Enable two-factor authentication (2FA) for all administrative and high-privilege accounts, which can prevent successful account takeover even if the password recovery mechanism is bypassed.
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability represents a significant risk to the security of e-commerce operations. Security teams must ensure all installations of SureCart are updated to the latest version immediately to close the password recovery loophole and prevent unauthorized account access.