CVE-2026-57720
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk10th percentile — higher than 10% of all known CVEs
Summary
The ThumbPress WordPress plugin contains a missing authorization vulnerability that allows exploiting incorrectly configured access control security levels. This issue affects all versions from n/a through 6.3.2.
Risk Assessment
An attacker can gain unauthorized access to administrative functions of the plugin, potentially leading to settings modification, data theft, or privilege escalation within the WordPress environment.
Recommendation
Immediately update the ThumbPress plugin to the latest available version that fixes this vulnerability. If no update is available, temporarily disable the plugin until a patch is released.
Original NVD description (English source)
Missing Authorization vulnerability in Codexpert Inc ThumbPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThumbPress: from n/a through 6.3.2.

