CVE-2026-1128

NONE EPSS 0.01%

Mar 06, 2026

Updated Mar 06, 2026

WordPress

Parameter	Value
Vendor	WordPress
Public PoC	No

The WP eCommerce WordPress plugin through 3.15.1 does not have CSRF check in place when deleting coupons, which could allow attackers to make a logged in admin remove them via a CSRF attack

References 1

https://wpscan.com/vulnerability/35010d36-f985-4121-b7ee-c97edf724a7f/

contact@wpscan.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-2446

WordPress

None

CVE-2026-3459

WordPress

8.1

CVE-2026-1720

WordPress

8.8

CVE-2026-2599

WordPress

9.8

CVE-2026-1321

WordPress

8.1

CVE Details

CVE ID

CVE-2026-1128

Published Date

Mar 06, 2026

Vendor

WordPress

Severity

NONE

Exploit Prediction (EPSS)

Probability of Exploit 0.01%

Likelihood of exploitation in next 30 days

Percentile: 0.8th percentile (higher than 0.8% of all CVEs)

Standard patching cycle

Impact

Minimal impact

Source

View Advisory

Menu

CVE-2026-1128

References 1

Related Vulnerabilities

CVE-2026-2446

CVE-2026-3459

CVE-2026-1720

CVE-2026-2599

CVE-2026-1321

CVE Details

Editor's Choice