CVE-2026-56038
Deferred - Pending Action
Privilege Escalation in Frisbii Pay <= 1.8.2

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description
Privilege escalation from the Contributor role in Frisbii Pay versions <= 1.8.2.
Affected Vendors & Products
Vendor: frisbii
Product: pay
Version / Range: to 1.8.3 (exc)
CWE
CWE-862: The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Executive Summary

The WordPress Frisbii Pay Plugin, versions 1.8.2 and below, contains a privilege escalation vulnerability (CVE-2026-56038). This flaw allows attackers who have low-level access, such as users with Contributor roles, to escalate their privileges and potentially gain full control over the website.

This vulnerability is classified under the OWASP Top 10 category A7, which relates to Identification and Authentication Failures.

Impact Analysis

If exploited, this vulnerability can allow an attacker with limited access to escalate their privileges and gain full control of the affected website.

Such control could lead to unauthorized changes, data theft, or disruption of services.

The CVSS score of 8.8 indicates a high severity risk, meaning it poses a significant threat and could be exploited in widespread attacks targeting many websites.

Immediate action, such as updating the plugin or applying mitigation rules, is recommended to reduce the risk.

Mitigation Strategies

Immediate action is recommended to mitigate the privilege escalation vulnerability in the WordPress Frisbii Pay Plugin versions 1.8.2 and below.

  • Update the Frisbii Pay plugin to version 1.8.2.1 or later.
  • If updating is not possible, seek assistance from your hosting provider or web developer.
  • Apply the mitigation rule provided by Patchstack to block attacks until the plugin is updated.

Compliance Impact

The vulnerability allows attackers with low-level access to escalate their privileges and potentially gain full control of the website. This could lead to unauthorized access to sensitive data, which may impact compliance with standards and regulations such as GDPR and HIPAA that require strict access controls and protection of personal and health information.

Because the vulnerability falls under OWASP Top 10 category A7 (Identification and Authentication Failures), it indicates weaknesses in authentication mechanisms, which are critical for regulatory compliance.

Immediate remediation is recommended to prevent exploitation that could result in data breaches or unauthorized data manipulation, both of which have compliance implications.
