Broken Access Control in myCred Plugin by WordPress
CVE-2026-40794
6.5MEDIUM
What is CVE-2026-40794?
The myCred plugin for WordPress versions up to 3.0.3 is susceptible to a broken access control vulnerability that can allow unauthorized users to gain access to restricted functionalities. This flaw poses security risks to installations using the affected plugin, enabling potential data manipulation and exposure. Users are advised to update to the latest version to mitigate any risks associated with this vulnerability.
Affected Version(s)
myCred <= 3.0.3