Authorization Bypass in WP Business Intelligence Lite Plugin by WordPress
CVE-2026-15293
8HIGH
What is CVE-2026-15293?
The WP Business Intelligence Lite plugin for WordPress contains a flaw that allows authenticated users with Subscriber-level access or higher to bypass authorization protocols. This vulnerability arises from the plugin's inadequate verification of user permissions, enabling attackers to modify SQL queries stored in the application. When these manipulated queries are accessed by an administrator, it can lead to privilege escalation through arbitrary SQL execution, posing a significant risk to the integrity of the WordPress site.
Affected Version(s)
WP Business Intelligence Lite 0 <= 3.2.0