A vulnerability was found in realmag777 FOX Plugin up to 1.4.5 on WordPress. It has been rated as problematic . This vulnerability affects the function admin_head of the component Configuration Handler . This manipulation of the argument woocs_reset causes missing authorization. This vulnerability is tracked as CVE-2026-4094 . The attack is possible to be carried out remotely. No exploit exists.