CVE Catalog
CVE-2026-57689
Medium (CVSS 4.3)
Summary
The Werkstatt plugin, in versions 4.7.2 and earlier, contains a broken access control vulnerability affecting the subscriber role. It allows users with the subscriber role to gain unauthorized access to functions or data.
Risk Assessment
The risk involves potential privilege escalation by subscribers, which could lead to data leakage or unauthorized modifications in the WordPress system.
Recommendation
It is recommended to immediately update the Werkstatt plugin to the latest available version that fixes this vulnerability.
Original NVD description (English source)
Subscriber Broken Access Control in Werkstatt <= 4.7.2 versions.

