CVE Catalog

CVE-2026-57720

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile — higher than 10% of all known CVEs

Summary

The ThumbPress WordPress plugin contains a missing authorization vulnerability that allows exploiting incorrectly configured access control security levels. This issue affects all versions from n/a through 6.3.2.

Risk Assessment

An attacker can gain unauthorized access to administrative functions of the plugin, potentially leading to settings modification, data theft, or privilege escalation within the WordPress environment.

Recommendation

Immediately update the ThumbPress plugin to the latest available version that fixes this vulnerability. If no update is available, temporarily disable the plugin until a patch is released.

Original NVD description (English source)

Missing Authorization vulnerability in Codexpert Inc ThumbPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThumbPress: from n/a through 6.3.2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS