CYBERHAWK / CVE / CVE-2026-10580

CVE-2026-10580

CRITICAL CVSS 9.8 other

The flaw

The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to and including 1.9.4. This is due to a logic conflation in HippooPermissions::g

What to do

Review advisory and patch per vendor guidance.

▸ Scan my repo for CVE-2026-10580

References

NVD CISA KEV OSV GitHub Advisory MITRE News search

First seen 2026-06-12 · Tracked by PickBits CyberHawk · Weekly CVE digest

← All CVEs RSS Scheduled audits