CVE-2026-57648
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk5th percentile — higher than 5% of all known CVEs
Summary
The Nelio Content plugin for WordPress versions 4.3.4 and earlier contains a broken access control vulnerability for contributors. A user with the contributor role can gain unauthorized access to functions or data they should not have permissions for.
Risk Assessment
The risk involves potential privilege escalation by contributors, which could lead to unauthorized content modification, post publishing, or access to sensitive data within the WordPress system.
Recommendation
It is recommended to immediately update the Nelio Content plugin to the latest available version that fixes this vulnerability. Also review and adjust user permissions in WordPress.
Original NVD description (English source)
Contributor Broken Access Control in Nelio Content <= 4.3.4 versions.

