Skip to main content

MeetingHub EUVDEUVD-2026-43399

| CVE-2026-57781 MEDIUM
Missing Authorization (CWE-862)
2026-07-13 Patchstack
5.3
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
vuln.today AI
5.3 MEDIUM

Network-reachable with no authentication per CWE-862 bypass; scope unchanged and impact limited to low integrity writes with no data disclosure or availability loss.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 13, 2026 - 11:19 vuln.today

DescriptionCVE.org

Missing Authorization vulnerability in Sovlix MeetingHub meetinghub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MeetingHub: from n/a through <= 1.25.10.

AnalysisAI

Missing authorization in the MeetingHub WordPress plugin (versions through 1.25.10) allows unauthenticated remote attackers to exploit incorrectly configured access control and perform unauthorized integrity-affecting actions. The CVSS vector (PR:N/AV:N/AC:L/UI:N) confirms no authentication or user interaction is required, making any WordPress installation running an affected version directly exposed from the network. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify WordPress site running MeetingHub ≤1.25.10
Delivery
Send unauthenticated HTTP request to vulnerable plugin endpoint
Exploit
Bypass absent authorization check
Execution
Execute unauthorized plugin action
Impact
Modify meeting or booking data

Vulnerability AssessmentAI

Exploitation No special attacker-side conditions are required - the CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms remote unauthenticated exploitation against any WordPress site running MeetingHub 1.25.10 or earlier with the plugin active. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD CVSS 3.1 score of 5.3 Medium (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) accurately captures the moderate real-world risk: the attack is trivially reachable from the internet with no authentication, but the blast radius is limited to integrity modifications (I:L) with zero confidentiality or availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker scans for WordPress sites with MeetingHub installed, then crafts an HTTP POST or GET request directly to the vulnerable plugin endpoint (AJAX action or REST route) without supplying any authentication credentials or cookies. The missing authorization check allows the request to proceed, enabling the attacker to modify meeting records, bookings, or other plugin-managed data. …
Remediation Update the MeetingHub plugin to a version beyond 1.25.10 via the WordPress plugin dashboard or wp-cli (wp plugin update meetinghub). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-43399 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy