# CVE-2026-57760: Sendcloud Shipping Auth Bypass Flaw

_Monday, July 6, 2026 at 8:00 AM EDT · Security · Latest · Tier 2 — Notable_

![CVE-2026-57760: Sendcloud Shipping Auth Bypass Flaw — Primary](https://images.contentstack.io/v3/assets/blt53c99b43892c2378/blt80600f8100309753/6967aa812269f800082a0705/FY25_Homepage_SocialCard.jpg)

Security researchers disclosed CVE-2026-57760, a missing authorization vulnerability in the Sendcloud Shipping WordPress plugin. The flaw, tracked under CWE-862, affects all plugin versions up to and including 1.0.29. It stems from incorrectly configured access control security levels on plugin endpoints, SentinelOne reported. Attackers can reach protected functionality over the network without authentication or user interaction. Successful exploitation results in limited integrity impact by allowing unauthorized modification of data managed by the plugin. Confidentiality and availability are not affected. SentinelOne describes CVE-2026-57760 as an authorization bypass vulnerability in Sendcloud Shipping that allows attackers to exploit misconfigured access controls. Site owners running the Sendcloud Connected Shipping plugin should upgrade to a fixed release once available from the vendor. The details were published in the SentinelOne vulnerability database.

## Sources

- [SentinelOne](https://www.sentinelone.com/vulnerability-database/cve-2026-57760/)

---
Canonical: https://techandbusiness.org/newswire/aD45H1NEbb1bqELwluXxvP
Retrieved: 2026-07-06T22:50:29.515Z
Publisher: Tech & Business (techandbusiness.org)
