PT-2026-22098 · Rymera Web Co Pty · Woocommerce Wholesale Lead Capture

Teemu Saarentaus

Published

2026-02-25

Updated

2026-04-11

CVE-2026-27542

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Woocommerce Wholesale Lead Capture versions through 2.0.3.1

Description An incorrect privilege assignment exists in Woocommerce Wholesale Lead Capture, allowing privilege escalation. Exploitation of this issue does not require authentication and could lead to unauthorized access and manipulation of user roles. The vulnerability stems from incorrect logical operations in the code that grant excessive permissions to users.

Recommendations Versions prior to 2.0.3.1 should be updated.

Fix

LPE

Incorrect Privilege Assignment

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-266

Related Identifiers

CVE-2026-27542

Affected Products

Woocommerce Wholesale Lead Capture

PT-2026-22098 · Rymera Web Co Pty · Woocommerce Wholesale Lead Capture

CVE-2026-27542

Weakness Enumeration

Related Identifiers

Affected Products

References · 11