CVE-2026-7655

WordPress · SureCart

The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover due to a weak password recovery mechanism.

Executive summary

A critical account takeover vulnerability in the SureCart plugin for WordPress allows unauthenticated attackers to escalate privileges and compromise user accounts.

Vulnerability

The plugin suffers from a weak password recovery mechanism (CWE-640). This allows an unauthenticated attacker to manipulate the recovery process to perform an account takeover.

Business impact

Successful exploitation allows an attacker to gain full control over any user account, including administrator accounts. This could lead to massive data breaches, financial fraud, and total loss of site control. Despite the High complexity (AC:H) noted in the CVSS vector, the potential for total account compromise justifies the 8.1 CVSS score and requires urgent attention.

Remediation

Immediate Action: Update the SureCart plugin to version 4.2.4 or higher to resolve the password recovery flaw.

Proactive Monitoring: Monitor site logs for unusual password reset requests or multiple failed authentication attempts originating from suspicious IP addresses.

Compensating Controls: Enable two-factor authentication (2FA) for all administrative and high-privilege accounts, which can prevent successful account takeover even if the password recovery mechanism is bypassed.

Exploitation status

Public Exploit Available: false

Analyst recommendation

This vulnerability represents a significant risk to the security of e-commerce operations. Security teams must ensure all installations of SureCart are updated to the latest version immediately to close the password recovery loophole and prevent unauthorized account access.