What is CVE-2026-2631?

CVE-2026-2631 is a vulnerability in Datalogics Ecommerce Delivery, classified under CWE-269 IMPROPER PRIVILEGE MANAGEMENT. Published 2026-03-11.

Is CVE-2026-2631 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Datalogics Ecommerce Delivery

CVE-2026-2631

The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an unauthenticated REST endpoint that allows any remote user to modify the option `datalogics_token` without verification. This token is subsequently used for authen…

EPSS: 0.001 (24.0th percentile) — read the EPSS interpretation.

Affected products

Unknown Datalogics Ecommerce Delivery — versions 0

Public proof-of-concept exploits

AnggaTechI/Mass-Scanner-CVE-2026-2631
Nxploited/CVE-2026-2631

References

wpscan.com/vulnerability/c6a64f26-4007-49a1-aa69-1e3c50223ac7/ (exploit, vdb-entry, technical-description)

Frequently asked questions

What is CVE-2026-2631?: CVE-2026-2631 is a vulnerability in Datalogics Ecommerce Delivery, classified under CWE-269 IMPROPER PRIVILEGE MANAGEMENT. Published 2026-03-11.
Is CVE-2026-2631 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.