What is GHSA-249v-wcw9-x5fj?

GHSA-249v-wcw9-x5fj is a security advisory published by GitHub Security Advisories with Medium severity. Missing Authorization vulnerability in Patterns in the cloud Autoship Cloud for WooCommerce...

Which CVE IDs does GHSA-249v-wcw9-x5fj cover?

GHSA-249v-wcw9-x5fj covers the following CVE IDs: CVE-2026-24527. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-249v-wcw9-x5fj?

GHSA-249v-wcw9-x5fj has a CVSS v3 base score of 4.3, published by GitHub Security Advisories.

GHSA-249v-wcw9-x5fjMediumCVSS 4.3

Missing Authorization vulnerability in Patterns in the cloud Autoship Cloud for WooCommerce...

Vendor

GitHub Security Advisories

Published

May 26, 2026

Last Modified

May 26, 2026

🔗 CVE IDs covered (1)

CVE-2026-24527 →

📋 Description

Missing Authorization vulnerability in Patterns in the cloud Autoship Cloud for WooCommerce Subscription Products allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Autoship Cloud for WooCommerce Subscription Products: from n/a through 2.14.0.

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-24527
https://patchstack.com/database/wordpress/plugin/autoship-cloud/vulnerability/wordpress-autoship-cloud-for-woocommerce-subscription-products-plugin-2-14-0-broken-access-control-vulnerability?_s_id=cve
https://github.com/advisories/GHSA-249v-wcw9-x5fj