KuteShop 4.2.9 and earlier: Insecure Access Control

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

KuteShop 4.2.9 and earlier: Insecure Access Control

CVE-2026-39612

Summary

KuteShop, an e-commerce platform, has a security issue that could allow unauthorized access to sensitive areas of the website. This could happen if access control settings are not properly configured, allowing malicious users to gain access to restricted areas. To protect your site, update to the latest version of KuteShop or ensure your access control settings are correctly configured.

Original title

Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KuteShop: from n/a through <= 4.2.9.

Original description

Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KuteShop: from n/a through <= 4.2.9.

Vulnerability type

CWE-862 Missing Authorization

https://patchstack.com/database/Wordpress/Theme/kuteshop/vulnerability/wordpress...

Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026