{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-39668", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-04-07T10:57:59.671Z", "datePublished": "2026-04-08T08:30:38.560Z", "dateUpdated": "2026-04-08T20:19:59.652Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "book-previewer-for-woocommerce", "product": "Book Previewer for Woocommerce", "vendor": "g5theme", "versions": [{"lessThanOrEqual": "1.0.6", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Steven Julian | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-08T10:28:42.866Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in g5theme Book Previewer for Woocommerce book-previewer-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Book Previewer for Woocommerce: from n/a through <= 1.0.6.</p>"}], "value": "Missing Authorization vulnerability in g5theme Book Previewer for Woocommerce book-previewer-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Book Previewer for Woocommerce: from n/a through <= 1.0.6."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-08T08:30:38.560Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/book-previewer-for-woocommerce/vulnerability/wordpress-book-previewer-for-woocommerce-plugin-1-0-6-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Book Previewer for Woocommerce plugin <= 1.0.6 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-08T20:01:14.427995Z", "id": "CVE-2026-39668", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T20:19:59.652Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-39668", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-08T20:01:14.427995Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T19:59:18.743Z"}}], "cna": {"title": "WordPress Book Previewer for Woocommerce plugin <= 1.0.6 - Broken Access Control vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Steven Julian | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "affected": [{"vendor": "g5theme", "product": "Book Previewer for Woocommerce", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.0.6"}], "packageName": "book-previewer-for-woocommerce", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-08T10:28:42.866Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/book-previewer-for-woocommerce/vulnerability/wordpress-book-previewer-for-woocommerce-plugin-1-0-6-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in g5theme Book Previewer for Woocommerce book-previewer-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Book Previewer for Woocommerce: from n/a through <= 1.0.6.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in g5theme Book Previewer for Woocommerce book-previewer-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Book Previewer for Woocommerce: from n/a through <= 1.0.6.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-08T08:30:38.560Z"}}}, "cveMetadata": {"cveId": "CVE-2026-39668", "state": "PUBLISHED", "dateUpdated": "2026-04-08T20:19:59.652Z", "dateReserved": "2026-04-07T10:57:59.671Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-04-08T08:30:38.560Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in g5theme Book Previewer for Woocommerce book-previewer-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Book Previewer for Woocommerce: from n/a through <= 1.0.6."}], "id": "CVE-2026-39668", "lastModified": "2026-04-08T21:26:35.910", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-08T09:16:38.170", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/book-previewer-for-woocommerce/vulnerability/wordpress-book-previewer-for-woocommerce-plugin-1-0-6-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.0.6]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Book Previewer for Woocommerce", "source": "cna", "vendor": "g5theme"}, "product": "book_previewer_for_woocommerce", "vendor": "g5theme"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-08T10:00:26.774136+00:00", "value": {"mitigation_remediation": ["Update the Book Previewer for Woocommerce plugin to the latest version, once a patched release is available.", "If an update is not immediately available, disable or remove the plugin to eliminate the exposed functionality.", "Verify that preview URLs are protected by proper authentication in any custom configuration.", "Monitor site logs for unauthorized access attempts to preview resources.", "Consult the vendor\u2019s security advisories for any temporary mitigations."], "summary": {"action": "Apply Patch", "impact": "Unauthorized Content Disclosure"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the g5theme Book Previewer for Woocommerce plugin for WordPress, versions from the earliest release through version 1.0.6. WordPress sites that host books or other copyrighted material and rely on this plugin as a preview mechanism are vulnerable.", "description_and_impact": "A missing authorization check in the g5theme Book Previewer for Woocommerce plugin enables attackers to access protected content that should be restricted. The flaw arises from an incorrectly configured access control level, allowing an unauthenticated user to retrieve preview files or sensitive product data. The impact is the potential unauthorized disclosure of proprietary or customer information, potentially compromising confidentiality.", "risk_and_exploitability": "While the CVSS score is not provided, the nature of broken access control typically results in high severity. No EPSS value is available, but an attacker can exploit the flaw simply by crafting a request to the preview endpoint, which is publicly reachable on a WordPress installation. The flaw is not listed in KEV, indicating no known large-scale exploitation yet, but the ease of access poses a significant risk to all affected sites."}}}}, "created": "2026-04-08T19:28:05.103235+00:00", "updated": "2026-04-08T19:41:08.338447+00:00", "vendors": ["g5theme", "g5theme$PRODUCT$book_previewer_for_woocommerce", "wordpress", "wordpress$PRODUCT$wordpress"]}