CVE Catalog
CVE-2026-57730
Medium, CVSS 4.3
Summary
The Flatsome plugin, versions 3.20.5 and earlier, contains a broken access control vulnerability affecting the subscriber role. Users with only the subscriber role can access functions or data they should not have permission for.
Risk Assessment
The risk involves potential privilege escalation by subscribers, which could lead to unauthorized access to sensitive data or administrative functions, compromising system confidentiality and integrity.
Recommendation
It is recommended to immediately update the Flatsome plugin to the latest available version that fixes this vulnerability. Also review and restrict permissions for users with the subscriber role.
Original NVD description (English source)
Subscriber Broken Access Control in Flatsome <= 3.20.5 versions.

