Skip to main content

Multiloca CVE-2026-39546

| EUVDEUVD-2026-37674 HIGH
Incorrect Privilege Assignment (CWE-266)
2026-06-17 Patchstack
7.6
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
7.6 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Primary rating from Vendor (Patchstack) · only source for this CVE.

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
Low

Lifecycle Timeline

1
Analysis Generated
Jun 17, 2026 - 12:23 vuln.today

DescriptionCVE.org

Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions.

AnalysisAI

Privilege escalation in TechSpawn MultiLoca (WooCommerce Multi Locations Inventory Management) plugin versions 4.2.15 and earlier allows authenticated subscriber-level users to elevate their privileges within affected WordPress sites. The flaw, classified under CWE-266 (Incorrect Privilege Assignment), carries a CVSS 7.6 score with no public exploit identified at time of analysis. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Recommended ActionAI

Within 24 hours: Identify all WordPress installations running TechSpawn MultiLoca and document current plugin versions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-39546 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy