Shopwell: Incorrect Access Control Exposes Sensitive Data

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.3

Shopwell: Incorrect Access Control Exposes Sensitive Data

CVE-2026-25333

Summary

Shopwell's access control settings are not properly configured, allowing unauthorized access to sensitive data. This means that users may be able to view or modify data they shouldn't have access to. Update to the latest version of Shopwell to ensure proper access control is in place.

Original title

Missing Authorization vulnerability in peregrinethemes Shopwell shopwell allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shopwell: from n/a through <= 1.0...

Original description

nvd CVSS3.1 5.3

Vulnerability type

CWE-862 Missing Authorization

https://patchstack.com/database/Wordpress/Theme/shopwell/vulnerability/wordpress...

Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026