CVE Catalog

CVE-2026-57622

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

17th percentile — higher than 17% of all known CVEs

Summary

The WPCafe plugin in version 3.0.14 and earlier contains a vulnerability of broken access control by a subscriber. A user with the subscriber role can gain unauthorized access to functions intended for administrators.

Risk Assessment

The risk involves the possibility of privilege escalation by a subscriber, which may lead to unauthorized changes in the plugin configuration or access to sensitive data.

Recommendation

It is recommended to immediately update the WPCafe plugin to version 3.0.15 or later, which fixes this vulnerability.

Original NVD description (English source)

Subscriber Broken Access Control in WPCafe <= 3.0.14 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS