SureCart Security Levels Misconfigured, Allowing Unauthorized Access

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

SureCart Security Levels Misconfigured, Allowing Unauthorized Access

CVE-2026-39488

Summary

A security setting in SureCart has been incorrectly configured, allowing unauthorized access to sensitive information. If not fixed, this could allow attackers to access areas they shouldn't be able to, potentially leading to data breaches or other security issues. To stay safe, update SureCart to the latest version, which includes a fix for this issue.

Original title

Missing Authorization vulnerability in SureCart SureCart surecart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SureCart: from n/a through <= 4.0.2.

Original description

Missing Authorization vulnerability in SureCart SureCart surecart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SureCart: from n/a through <= 4.0.2.

Vulnerability type

CWE-862 Missing Authorization

https://patchstack.com/database/Wordpress/Plugin/surecart/vulnerability/wordpres...

Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026