CVE Catalog
CVE-2026-57622
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk0.26%
17th percentile — higher than 17% of all known CVEs
Summary
The WPCafe plugin in version 3.0.14 and earlier contains a vulnerability of broken access control by a subscriber. A user with the subscriber role can gain unauthorized access to functions intended for administrators.
Risk Assessment
The risk involves the possibility of privilege escalation by a subscriber, which may lead to unauthorized changes in the plugin configuration or access to sensitive data.
Recommendation
It is recommended to immediately update the WPCafe plugin to version 3.0.15 or later, which fixes this vulnerability.
Original NVD description (English source)
Subscriber Broken Access Control in WPCafe <= 3.0.14 versions.

