What is the CVSS score of CVE-2026-42753?

CVE-2026-42753 has a CVSS 3.1 base score of 7.3 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L. EPSS exploitation probability: 0.0%.

Which versions of WC Lovers WCFM Membership are affected by CVE-2026-42753?

The WCFM Membership WordPress plugin (versions up to 2.11.10) contains a remote, unauthenticated broken access control vulnerability enabling attackers to bypass authorization and reach restricted…

WC Lovers WCFM Membership CVE-2026-42753

Q: How to fix or mitigate CVE-2026-42753?

Within 24 hours: Disable the WCFM Membership plugin or implement Web Application Firewall rules to require authentication before accessing membership endpoints. Within 7 days: Audit access logs for unauthorized access attempts, contact WC Lovers for patch status and estimated timeline, and enable detailed logging on membership-related requests. Within 30 days: Apply vendor patch once released, verify functionality across all member tiers, and complete forensic review of access logs for any exploitation indicators.

EUVD-2026-32200 HIGH

Missing Authorization (CWE-862)

2026-05-27 audit@patchstack.com

GHSA-fq8f-6hrp-6mfv

Authentication Bypass

7.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

May 27, 2026 - 20:37 vuln.today

DescriptionNVD

Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Membership: from n/a through <= 2.11.10.

AnalysisAI

Broken access control in the WCFM Membership (wc-multivendor-membership) WordPress plugin by WC Lovers, affecting all versions up to and including 2.11.10, lets remote attackers reach functionality that should be authorization-gated. Because the vulnerable path is exposed over the network with no privileges or user interaction required (CVSS 7.3), unauthenticated actors can exploit incorrectly enforced access-control levels, though the impact to confidentiality, integrity, and availability is rated Low for each. …

RemediationAI

Within 24 hours: Disable the WCFM Membership plugin or implement Web Application Firewall rules to require authentication before accessing membership endpoints. Within 7 days: Audit access logs for unauthorized access attempts, contact WC Lovers for patch status and estimated timeline, and enable detailed logging on membership-related requests. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-42753 vulnerability details – vuln.today

Back