Authorization Bypass in WP Business Intelligence Lite Plugin by WordPress
CVE-2026-15293

8HIGH

Key Information:

Vendor

WordPress

Vendor
CVE Published:
10 July 2026

What is CVE-2026-15293?

The WP Business Intelligence Lite plugin for WordPress contains a flaw that allows authenticated users with Subscriber-level access or higher to bypass authorization protocols. This vulnerability arises from the plugin's inadequate verification of user permissions, enabling attackers to modify SQL queries stored in the application. When these manipulated queries are accessed by an administrator, it can lead to privilege escalation through arbitrary SQL execution, posing a significant risk to the integrity of the WordPress site.

Affected Version(s)

WP Business Intelligence Lite 0 <= 3.2.0

References

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nabil Irawan
.