CVE-2026-32586
WordPress Booster for WooCommerce plugin < 7.11.3 - Broken Access Control vulnerabilityMissing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through < 7.11.3.
We have discovered 1,360 live websites that are affected by CVE-2026-32586.
Affected Software
| Product |  Woocommerce Jetpack |
| Category | Wordpress Plugins |
| Vulnerable Domains | 1,360 live websites (100% of Woocommerce Jetpack install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 76 versions ( 100% of all versions) |
Details
- Published - Mar 17, 2026
- Updated - Apr 1, 2026
Credits
- Nguyen Ba Khanh | Patchstack Bug Bounty Program (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2026-32586 United States | 421 websites |
 Italy | 94 websites |
 GB | 92 websites |
 Germany | 83 websites |
 France | 66 websites |
 Netherlands | 66 websites |
 Spain | 37 websites |
 Australia | 35 websites |
 Poland | 31 websites |
 South Africa | 30 websites |
Website Distribution by TLD
Number of websites using CVE-2026-32586| .com | 568 websites |
| .it | 69 websites |
| .co.uk | 68 websites |
| .nl | 53 websites |
| .org | 49 websites |
| .de | 34 websites |
| .com.au | 32 websites |
| .net | 32 websites |
| .fr | 26 websites |
| .es | 24 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2026-32586
Top websites that are affected by CVE-2026-32586. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ********.com | United States | **,*** | |
| ************.***.uk | GB | ***,*** | |
| **********************.at | Germany | ***,*** | |
| ************.com | United States | ***,*** | |
| *****.de | Germany | ***,*** | |
| ******.org | France | ***,*** | |
| ****.org | United States | ***,*** | |
| ******************.com | United States | ***,*** | |
| ******.org | United States | ***,*** | |
| ***************.org | Germany | ***,*** |
FAQ
A total of 1,360 websites have been identified as vulnerable to CVE-2026-32586, based on global website indexing conducted by WebTechSurvey.
The Woocommerce Jetpack is affected by the CVE-2026-32586 vulnerability.
Woocommerce Jetpack versions up to and including 7.11.3 are vulnerable to CVE-2026-32586.