CVE Catalog
CVE-2026-57731
Medium
CVSS 6.5
Summary
The Flatsome plugin, version 3.20.5 and earlier, contains a broken access control vulnerability affecting the contributor role. A user with the contributor role can gain unauthorized access to functions or data that should be restricted.
Risk Assessment
The risk involves privilege escalation by contributors, potentially leading to unauthorized content modifications, data theft, or site takeover.
Recommendation
Immediately update the Flatsome plugin to a version later than 3.20.5, which includes a fix for this vulnerability.
Original NVD description (English source)
Contributor Broken Access Control in Flatsome <= 3.20.5 versions.

