CVE Catalog

CVE-2026-57661

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

13th percentile — higher than 13% of all known CVEs

Summary

The WPComplete plugin versions up to 2.9.5.5 contain a vulnerability involving broken access control by a subscriber. A user with the subscriber role can gain unauthorized access to functions intended for higher roles.

Risk Assessment

The risk involves potential privilege escalation by a subscriber, which may lead to unauthorized access to sensitive data or administrative functions.

Recommendation

It is recommended to immediately update the WPComplete plugin to a version later than 2.9.5.5, where this vulnerability has been fixed.

Original NVD description (English source)

Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS