CVE Catalog

CVE-2026-42753

High
Published: Translated: NVD NIST

Summary

CVE-2026-42753 describes a missing authorization vulnerability in the WC Lovers WCFM Membership plugin, allowing exploitation of incorrectly configured access control security levels. This issue affects WCFM Membership from n/a through version 2.11.10.

Risk Assessment

The lack of proper authorization may lead to unauthorized access to resources, posing a serious threat to the organization's data security.

Recommendation

It is recommended to update the WCFM Membership plugin to the latest version to mitigate this vulnerability and conduct an access configuration audit.

Original NVD description (English source)

Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Membership: from n/a through <= 2.11.10.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS