CVE-2026-27542
Received Received - Intake

Privilege Escalation via Incorrect Privilege Assignment in Woocommerce Wholesale Lead Capture

Vulnerability report for CVE-2026-27542, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-19

Last updated on: 2026-04-29

Assigner: Patchstack

Description

Incorrect Privilege Assignment vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture woocommerce-wholesale-lead-capture allows Privilege Escalation.This issue affects Woocommerce Wholesale Lead Capture: from n/a through <= 2.0.3.1.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-19
Last Modified
2026-04-29
Generated
2026-07-06
AI Q&A
2026-03-19
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
rymera_web_co woocommerce_wholesale_lead_capture to 2.0.3.1 (inc)
rymera_web_co woocommerce_wholesale_lead_capture 2.0.3.2

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-27542 is a critical privilege escalation vulnerability found in the WordPress WooCommerce Wholesale Lead Capture Plugin versions up to and including 2.0.3.1.

This flaw allows an unauthenticated attacker with low privileges to escalate their access rights to higher privileges, potentially gaining full control over the affected website.

It falls under the OWASP Top 10 category A7: Identification and Authentication Failures and has a very high severity score of 9.8.

The vulnerability is actively exploited and can be mitigated by updating the plugin to version 2.0.3.2 or later.

Impact Analysis

This vulnerability can allow an attacker to escalate their privileges from low or unauthenticated access to higher privileges, potentially gaining full control over your website.

Such control can lead to unauthorized changes, data theft, site defacement, or further exploitation of your system.

Because it is actively exploited and has a high severity score, the risk of compromise is significant if the plugin is not updated.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the WooCommerce Wholesale Lead Capture Plugin to version 2.0.3.2 or later.

Until the plugin is updated, you can use mitigation rules provided by Patchstack to block attacks targeting this vulnerability.

Patchstack also offers automatic updates for vulnerable plugins to ensure rapid protection.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27542. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart