ShopWP (Shopify plugin) Allows Unauthorized Access if Configured Incorrectly

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

ShopWP (Shopify plugin) Allows Unauthorized Access if Configured Incorrectly

CVE-2026-39701

Summary

If not properly configured, the ShopWP plugin for WordPress may allow an attacker to access certain areas of the site without permission, potentially leading to data theft or other security breaches. This affects all versions of ShopWP up to 5.2.4. Update to the latest version to ensure proper access control is in place.

Original title

Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShopWP: from n/a through <= 5.2.4.

Original description

Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShopWP: from n/a through <= 5.2.4.

Vulnerability type

CWE-862 Missing Authorization

https://patchstack.com/database/Wordpress/Plugin/wpshopify/vulnerability/wordpre...

Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026