CVE Catalog
CVE-2026-57661
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk0.22%
13th percentile — higher than 13% of all known CVEs
Summary
The WPComplete plugin versions up to 2.9.5.5 contain a vulnerability involving broken access control by a subscriber. A user with the subscriber role can gain unauthorized access to functions intended for higher roles.
Risk Assessment
The risk involves potential privilege escalation by a subscriber, which may lead to unauthorized access to sensitive data or administrative functions.
Recommendation
It is recommended to immediately update the WPComplete plugin to a version later than 2.9.5.5, where this vulnerability has been fixed.
Original NVD description (English source)
Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions.

