CVE-2026-27542 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: March 19, 2026
Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture - Broken Access Control
Published: March 19, 2026Updated: March 19, 2026KEVRemote Exploitable
Overview
Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture <= 2.0.3.1 contains a broken access control vulnerability caused by incorrect privilege assignment, letting attackers escalate their privileges, exploit requires no special conditions.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Attackers can escalate their privileges, potentially gaining unauthorized access to restricted functions or data.
Mitigation
Update to the latest version beyond 2.0.3.1.
References
- https://x.com/Nxploited/status/2026761480004137364
- https://patchstack.com/database/wordpress/plugin/woocommerce-wholesale-lead-capture/vulnerability/wordpress-woocommerce-wholesale-lead-capture-plugin-1-17-8-privilege-escalation-vulnerability
- https://patchstack.com/database/wordpress/plugin/woocommerce-wholesale-lead-capture/vulnerability/wordpress-woocommerce-wholesale-lead-capture-plugin-1-17-8-privilege-escalation-vulnerability?_s_id=cve
Related Resources
Details
- CVE ID
- CVE-2026-27542
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- broken_access_control
- Status
- new
CWE
- CWE-266
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H