Description
Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects CF7 WOW Styler: from n/a through 1.7.6.
Published: 2026-05-21
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization flaw that permits exploitation of incorrectly configured access control security levels. Based on the description, it is inferred that this broken access control may allow unauthenticated or improperly authenticated users to access privileged data or functions. The weakness is classified as CWE‑862, indicating improper enforcement of authorization checks.

Affected Systems

The affected product is the Tobias CF7 WOW Styler plugin for WordPress. All versions up through 1.7.6, including any prior releases, are vulnerable. No other vendors or products are listed.

Risk and Exploitability

The CVSS score of 5.3 marks this issue as moderately severe, with no EPSS metric available and it is not listed in the CISA KEV catalog. Based on the description, it is inferred that the likely attack vector is remote access via the web interface, where an attacker can use normal user flows to gain higher privileges than intended. Because the flaw is an authorization failure, exploitation requires only entry to the WordPress site and does not necessitate other conditions, making the risk tangible for sites that rely on the default or incorrect configuration.

Generated by OpenCVE AI on May 21, 2026 at 10:51 UTC.

Remediation

Vendor Solution

Update the WordPress CF7 WOW Styler Plugin to the latest available version (at least 1.8.5).

OpenCVE Recommended Actions

  • Update the CF7 WOW Styler Plugin to version 1.8.5 or later.
  • Review and enforce correct access control settings so that only authorized users can perform privileged operations.
  • If the plugin is no longer required, remove or disable it entirely to eliminate the exposed path.

Generated by OpenCVE AI on May 21, 2026 at 10:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 22 May 2026 13:15:00 +0000

Type Values Removed Values Added
First Time appeared Tobias
Tobias cf7 Wow Styler
Wordpress
Wordpress wordpress
Vendors & Products Tobias
Tobias cf7 Wow Styler
Wordpress
Wordpress wordpress

Thu, 21 May 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 21 May 2026 09:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 WOW Styler: from n/a through 1.7.6.
Title WordPress CF7 WOW Styler plugin <= 1.7.6 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Subscriptions

Tobias Cf7 Wow Styler
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-21T14:13:54.804Z

Reserved: 2026-02-19T09:52:03.313Z

Link: CVE-2026-27393

cve-icon Vulnrichment

Updated: 2026-05-21T14:13:50.281Z

cve-icon NVD

Status : Deferred

Published: 2026-05-21T09:16:26.780

Modified: 2026-05-21T15:19:30.540

Link: CVE-2026-27393

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-22T12:38:48Z

Weaknesses