CVE Catalog

CVE-2026-57685

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Summary

The Martfury - WooCommerce Marketplace WordPress theme version 3.2.8 and earlier contains a broken access control vulnerability for subscribers. It allows users with the subscriber role to gain unauthorized access to functions or data that should be restricted.

Risk Assessment

The risk involves potential privilege escalation by subscribers, which could lead to unauthorized access to sensitive data or store functions, compromising system integrity and confidentiality.

Recommendation

It is recommended to immediately update the Martfury - WooCommerce Marketplace theme to the latest available version that fixes this vulnerability. Also review and restrict permissions for users with the subscriber role.

Original NVD description (English source)

Subscriber Broken Access Control in Martfury - WooCommerce Marketplace WordPress Theme <= 3.2.8 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS