PT-2026-22098 · Rymera Web Co Pty · Woocommerce Wholesale Lead Capture

Teemu Saarentaus

Publicado

2026-02-25

Atualizado

2026-04-11

CVE-2026-27542

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Woocommerce Wholesale Lead Capture versions through 2.0.3.1

Description An incorrect privilege assignment exists in Woocommerce Wholesale Lead Capture, allowing privilege escalation. Exploitation of this issue does not require authentication and could lead to unauthorized access and manipulation of user roles. The vulnerability stems from incorrect logical operations in the code that grant excessive permissions to users.

Recommendations Versions prior to 2.0.3.1 should be updated.

Correção

LPE

Incorrect Privilege Assignment

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-266

Identificadores relacionados

CVE-2026-27542

Produtos afetados

Woocommerce Wholesale Lead Capture

PT-2026-22098 · Rymera Web Co Pty · Woocommerce Wholesale Lead Capture

CVE-2026-27542

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11