Skip to main content

Faust Js

1 CVEs product

Monthly

CVE-2026-49062 HIGH This Week

Authentication bypass in WP Engine's Faust.js (faustwp) plugin through version 1.8.7 enables password recovery exploitation, allowing an attacker with low privileges to abuse an alternate authentication path and take over accounts. The flaw maps to CWE-288 and carries a CVSS 3.1 score of 8.8 (high) with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, but the low attack complexity and network vector make this a high-priority concern for WordPress headless deployments.

Authentication Bypass Faust Js
NVD
CVSS 3.1
8.8
EPSS
0.3%
EPSS 0% CVSS 8.8
HIGH This Week

Authentication bypass in WP Engine's Faust.js (faustwp) plugin through version 1.8.7 enables password recovery exploitation, allowing an attacker with low privileges to abuse an alternate authentication path and take over accounts. The flaw maps to CWE-288 and carries a CVSS 3.1 score of 8.8 (high) with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, but the low attack complexity and network vector make this a high-priority concern for WordPress headless deployments.

Authentication Bypass Faust Js
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy