Description
Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects CF7 WOW Styler: from n/a through 1.7.6.
Published: 2026-05-21
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization flaw that permits exploitation of incorrectly configured access control security levels. Based on the description, it is inferred that this broken access control may allow unauthenticated or improperly authenticated users to access privileged data or functions. The weakness is classified as CWE‑862, indicating improper enforcement of authorization checks.

Affected Systems

The affected product is the Tobias CF7 WOW Styler plugin for WordPress. All versions up through 1.7.6, including any prior releases, are vulnerable. No other vendors or products are listed.

Risk and Exploitability

The CVSS score of 5.3 marks this issue as moderately severe, with no EPSS metric available and it is not listed in the CISA KEV catalog. Based on the description, it is inferred that the likely attack vector is remote access via the web interface, where an attacker can use normal user flows to gain higher privileges than intended. Because the flaw is an authorization failure, exploitation requires only entry to the WordPress site and does not necessitate other conditions, making the risk tangible for sites that rely on the default or incorrect configuration.

Generated by OpenCVE AI on May 21, 2026 at 10:51 UTC.

Remediation

Vendor Solution

Update the WordPress CF7 WOW Styler Plugin to the latest available version (at least 1.8.5).

OpenCVE Recommended Actions

  • Update the CF7 WOW Styler Plugin to version 1.8.5 or later.
  • Review and enforce correct access control settings so that only authorized users can perform privileged operations.
  • If the plugin is no longer required, remove or disable it entirely to eliminate the exposed path.

Generated by OpenCVE AI on May 21, 2026 at 10:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 21 May 2026 09:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 WOW Styler: from n/a through 1.7.6.
Title WordPress CF7 WOW Styler plugin <= 1.7.6 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-21T08:24:57.386Z

Reserved: 2026-02-19T09:52:03.313Z

Link: CVE-2026-27393

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-21T09:16:26.780

Modified: 2026-05-21T09:16:26.780

Link: CVE-2026-27393

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-21T11:00:11Z

Weaknesses