CVE-2026-57685
MediumCVSS 4.3Summary
The Martfury - WooCommerce Marketplace WordPress theme version 3.2.8 and earlier contains a broken access control vulnerability for subscribers. It allows users with the subscriber role to gain unauthorized access to functions or data that should be restricted.
Risk Assessment
The risk involves potential privilege escalation by subscribers, which could lead to unauthorized access to sensitive data or store functions, compromising system integrity and confidentiality.
Recommendation
It is recommended to immediately update the Martfury - WooCommerce Marketplace theme to the latest available version that fixes this vulnerability. Also review and restrict permissions for users with the subscriber role.
Original NVD description (English source)
Subscriber Broken Access Control in Martfury - WooCommerce Marketplace WordPress Theme <= 3.2.8 versions.

