CVE-2026-27542 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: March 19, 2026
Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture - Broken Access Control
Overview
Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture <= 2.0.3.1 contains a broken access control vulnerability caused by incorrect privilege assignment, letting attackers escalate their privileges, exploit requires no special conditions.
Severity & Score
Impact
Attackers can escalate their privileges, potentially gaining unauthorized access to restricted functions or data.
Mitigation
Update to the latest version beyond 2.0.3.1.
References
- https://x.com/Nxploited/status/2026761480004137364
- https://patchstack.com/database/wordpress/plugin/woocommerce-wholesale-lead-capture/vulnerability/wordpress-woocommerce-wholesale-lead-capture-plugin-1-17-8-privilege-escalation-vulnerability
- https://patchstack.com/database/wordpress/plugin/woocommerce-wholesale-lead-capture/vulnerability/wordpress-woocommerce-wholesale-lead-capture-plugin-1-17-8-privilege-escalation-vulnerability?_s_id=cve
Social Media Activity(1 post)
š“ CVE-2026-27542 - Critical (9.8) Incorrect Privilege Assignment vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture allows Privilege Escalation.This issue affects Woocommerce Wholesale Lead Capture: from n/a through 2.0.3.1. š https://www.thehackerwire.com/vulnerability/CVE-2026-27542/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-27542
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- broken_access_control
- Status
- unconfirmed
- EPSS
- 1.4%
- Social Posts
- 1
CWE
- CWE-266
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H