Unauthorized Access Issue in Long Watch Studio MyRewards Plugin
CVE-2026-40786

Currently unrated

Key Information:

Vendor: WordPress
Status: Myrewards
Vendor: CVE Published:; 15 April 2026

What is CVE-2026-40786?

A missing authorization vulnerability exists in the MyRewards plugin for WordPress, developed by Long Watch Studio. This flaw allows an attacker to exploit incorrectly configured access control security levels, potentially enabling unauthorized access to sensitive functionalities. The issue affects all versions of MyRewards up to and including 5.7.3, highlighting the importance of keeping your plugins updated and properly configured to mitigate security risks.

Affected Version(s)

MyRewards 0 <= 5.7.3

References

https://patchstack.com/database/Wordpress/Plugin/woorewar...

vdb-entry

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2026
Vulnerability Reserved
Apr 15, 2026

Credit

Muhan Luo | Patchstack Bug Bounty Program

CVE-2026-40786 Data

JSON