CVE Catalog
CVE-2026-57649
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk0.21%
12th percentile — higher than 12% of all known CVEs
Summary
The Shoppable Images Lite plugin version 1.3 and earlier contains a vulnerability due to improper access control for subscribers. Users with the subscriber role can gain unauthorized access to features that should be restricted for them.
Risk Assessment
The risk involves potential privilege escalation by subscribers, which may lead to unauthorized content modifications or access to sensitive data in the online store.
Recommendation
It is recommended to immediately update the Shoppable Images Lite plugin to the latest available version that fixes this vulnerability.
Original NVD description (English source)
Subscriber Broken Access Control in Shoppable Images Lite <= 1.3 versions.

