CVE Catalog

CVE-2026-57648

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

5th percentile — higher than 5% of all known CVEs

Summary

The Nelio Content plugin for WordPress versions 4.3.4 and earlier contains a broken access control vulnerability for contributors. A user with the contributor role can gain unauthorized access to functions or data they should not have permissions for.

Risk Assessment

The risk involves potential privilege escalation by contributors, which could lead to unauthorized content modification, post publishing, or access to sensitive data within the WordPress system.

Recommendation

It is recommended to immediately update the Nelio Content plugin to the latest available version that fixes this vulnerability. Also review and adjust user permissions in WordPress.

Original NVD description (English source)

Contributor Broken Access Control in Nelio Content <= 4.3.4 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS