CVE Catalog

CVE-2026-57649

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

12th percentile — higher than 12% of all known CVEs

Summary

The Shoppable Images Lite plugin version 1.3 and earlier contains a vulnerability due to improper access control for subscribers. Users with the subscriber role can gain unauthorized access to features that should be restricted for them.

Risk Assessment

The risk involves potential privilege escalation by subscribers, which may lead to unauthorized content modifications or access to sensitive data in the online store.

Recommendation

It is recommended to immediately update the Shoppable Images Lite plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Subscriber Broken Access Control in Shoppable Images Lite <= 1.3 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS