cleantalk
Vulnerabilities and Security Researches

Checkout Upsell – WooCommerce Upsell, Cross Sell, Order Bumps, One Click Upsell, Frequently Bought Together, Next Order C, CVE-2026-25419

CVE, Research URL

CVE-2026-25419

Home page URL

Security reports for Checkout Upsell – WooCommerce Upsell, Cross Sell, Order Bumps, One Click Upsell, Frequently Bought Together, Next Order C

Application

Checkout Upsell – WooCommerce Upsell, Cross Sell, Order Bumps, One Click Upsell, Frequently Bought Together, Next Order C

Published on
Feb 19, 2026
Research Description
Missing Authorization vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UpsellWP: from n/a through <= 2.2.3.
Affected versions
max 2.2.3.
Status
vulnerable
Previous vulnerability researches
Checkout Upsell &#8211; WooCommerce Upsell, Cross Sell, Order Bumps, One Click Upsell, Frequently Bought Together, Next Order C (CVE-2026-25419) , Feb 27, 2026
Checkout Upsell &#8211; WooCommerce Upsell, Cross Sell, Order Bumps, One Click Upsell, Frequently Bought Together, Next Order C (CVE-2026-32459) , Mar 30, 2026
New vulnerability
CP Contact Form with PayPal (CVE-2026-32433) , Mar 30, 2026
Scientific and Interactive Blocks &#8211; inseri core (CVE-2026-27344) , Mar 30, 2026
Advanced WooCommerce Product Sales Reporting &#8211; Statistics &amp; Forecast (CVE-2026-24993) , Mar 30, 2026
Product Feed for WooCommerce &#8211; Google Shops, Facebook Shop, TikTok, Instagram, and More (CVE-2026-22480) , Mar 30, 2026
WPCasa (CVE-2025-62043) , Mar 30, 2026