CVE Catalog

CVE-2026-57730

Medium · CVSS 4.3

Summary

The Flatsome plugin, version 3.20.5 and earlier, contains a broken access control vulnerability affecting the subscriber role. Users who hold only the subscriber role can access functions or data they should not have permission for.

Risk Assessment

The risk involves potential privilege escalation by subscribers, which could lead to unauthorized access to sensitive data or administrative functions, compromising system confidentiality and integrity.

Recommendation

Update the Flatsome plugin immediately to the latest available version that fixes this vulnerability. Also review and restrict the permissions of users with the subscriber role.

Original NVD description (English source)

Subscriber Broken Access Control in Flatsome <= 3.20.5 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS