Missing Authorization Vulnerability in DearFlip by DearHive
CVE-2026-49047

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Dearflip
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-49047?

A missing authorization vulnerability exists in the DearFlip plugin by DearHive, which enables attackers to exploit incorrectly configured access control security levels. This could allow unauthorized access to sensitive features or functionality, potentially compromising applications that utilize this plugin. The affected versions range from n/a to 2.4.27, making it crucial for users to review their configurations and apply necessary security measures to mitigate this risk.

Affected Version(s)

DearFlip <= 2.4.27

References

https://patchstack.com/database/wordpress/plugin/3d-flipb...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
May 27, 2026

Credit

timomangcut | Patchstack Bug Bounty Program

CVE-2026-49047 Data

JSON