CVE Catalog

CVE-2026-57689

Medium · CVSS 4.3

Summary

The Werkstatt plugin, in versions 4.7.2 and earlier, contains a subscriber-level broken access control vulnerability. This allows users with the subscriber role to gain unauthorized access to functions or data.

Risk Assessment

The risk involves potential privilege escalation by subscribers, which could lead to data leakage or unauthorized modifications in the WordPress system.

Recommendation

It is recommended to immediately update the Werkstatt plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Subscriber Broken Access Control in Werkstatt <= 4.7.2 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS