Hippoo Mobile App for WooCommerce <= 1.9.4 - Authentication Bypass to Admin Account Takeover CVE-2026-10580

Name: Hippoo Mobile App for WooCommerce <= 1.9.4 - Authentication Bypass to Admin Account Takeover (CVE-2026-10580)
Published: 2026-06-11T00:00:00.000Z

Severity
EPSS Score
EPSS Percentile

Vulnerability description: Not available
Risk description: Not available
Recommendation: Not available
References: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/hippoo/hippoo-mobile-app-for-woocommerce-194-unauthenticated-authentication-bypass-to-administrator-account-takeover-via-rest-api https://plugins.trac.wordpress.org/changeset/3557733
Codename: Not available

Detectable with: Network Scanner
Scan engine: Nuclei
Cisa Kev: No
Exploitable with Sniper: No
CVE Published: Jun 5, 2026
Detection added at: Jun 11, 2026
Software Type: Not available
Vendor: Not available
Product: Not available

Detect this vulnerability now!

Check your clients' targets (or your own) for this vulnerability and thousands more! Get proof for validation with our ethical hacking toolkit.

Try the Free Edition Compare paid plans

Hippoo Mobile App for WooCommerce <= 1.9.4 - Authentication Bypass to Admin Account Takeover CVE-2026-10580

Detect this vulnerability now!

One of EMEA's fastest-growing tech companies

Independently audited company-wide ISMS

50,000+ security folks are here. Are you?

Security leaders trust what they can prove