PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-49047 DearHive CVE debrief

A Missing Authorization vulnerability in the DearFlip WordPress plugin allows authenticated users with low privileges to reach plugin functionality that is not guarded by a proper authorization check (incorrectly configured access control security levels). The vulnerability affects all versions from n/a through 2.4.27. The issue was disclosed on 2026-05-27 and carries a CVSS 3.1 score of 4.3 (Medium severity), indicating limited impact on confidentiality with no impact on integrity or availability. The vulnerability is classified under CWE-862 (Missing Authorization). The NVD entry currently shows a status of 'Deferred'. No known exploitation in ransomware campaigns has been reported, and the vulnerability has not been added to CISA's Known Exploited Vulnerabilities catalog.

Vendor: DearHive
Product: DearFlip
CVSS: MEDIUM 4.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

  • WordPress site administrators and security teams managing deployments with the DearFlip plugin installed
  • Developers maintaining WordPress plugin security postures
  • Managed service providers hosting WordPress environments

Technical summary

The DearFlip plugin for WordPress contains a Missing Authorization vulnerability (CWE-862): at least one code path exposed to logged-in users does not verify that the caller holds the capability the operation requires, so access control security levels are effectively misconfigured. Affected versions span from initial release through 2.4.27. The vulnerability requires network access and low-privileged authentication but no user interaction, allowing attackers to potentially access unauthorized functionality or data within the plugin's scope.

Defensive priority

Medium

Recommended defensive actions

  • Update DearFlip WordPress plugin to a version newer than 2.4.27 if available, or apply vendor-provided patches referenced in security advisories
  • Review and harden access control configurations in WordPress environments using DearFlip
  • Monitor WordPress admin logs for unauthorized access attempts to DearFlip functionality by low-privileged users
  • Consider implementing additional authorization checks at the web application firewall level for DearFlip endpoints until patching is complete
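To make the CWE-862 pattern from the technical summary concrete, and to show what "review and harden access control" means in plugin code, here is an added illustrative example. It is not DearFlip's code and does not describe the actual vulnerable code path, which the advisory does not publish; the handler name `acme_flip_save_settings`, the option name `acme_flip_settings` and the nonce action `acme_flip_settings_nonce` are placeholders. It shows a hypothetical WordPress AJAX handler first with the missing authorization check and then with the capability and nonce checks a fix would add, plus a log line that gives the monitoring action in this list something to look for.

```php
<?php
// Added illustrative example, not DearFlip's code. All names below are placeholders.

// BEFORE (CWE-862): wp_ajax_{action} fires for every authenticated user,
// including Subscribers, and nothing here asks whether the caller is
// allowed to change plugin settings. Any low-privileged account can call it.
function acme_flip_save_settings_vulnerable() {
    $settings = isset( $_POST['settings'] ) ? (array) wp_unslash( $_POST['settings'] ) : array();
    update_option( 'acme_flip_settings', $settings );
    wp_send_json_success();
}
add_action( 'wp_ajax_acme_flip_save_settings_vulnerable', 'acme_flip_save_settings_vulnerable' );

// AFTER: authorization (capability) is checked before any state changes,
// and a nonce ties the request to a form this site actually rendered.
// Denied attempts are written to the PHP error log so they show up in
// the server-side logs the advisory recommends monitoring.
function acme_flip_save_settings_fixed() {
    if ( ! current_user_can( 'manage_options' ) ) {
        error_log( sprintf(
            'acme_flip: user %d denied settings change from %s',
            get_current_user_id(),
            isset( $_SERVER['REMOTE_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : 'unknown'
        ) );
        wp_send_json_error( 'insufficient_permissions', 403 );
    }

    // check_ajax_referer() terminates the request itself when the nonce is invalid.
    check_ajax_referer( 'acme_flip_settings_nonce', 'nonce' );

    $settings = isset( $_POST['settings'] ) ? (array) wp_unslash( $_POST['settings'] ) : array();
    $settings = array_map( 'sanitize_text_field', $settings );
    update_option( 'acme_flip_settings', $settings );
    wp_send_json_success();
}
add_action( 'wp_ajax_acme_flip_save_settings', 'acme_flip_save_settings_fixed' );
```

When reviewing a plugin for this class of bug, the check is mechanical: for every `wp_ajax_*`, `admin_post_*` and REST route callback, confirm that a `current_user_can()` (or a REST `permission_callback`) guards the operation, and that the capability required matches what the operation actually does. A nonce alone is not authorization; it only proves the request came from a page the site served to that user.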

Evidence notes

Vulnerability disclosed via Patchstack and indexed in NVD with 'Deferred' status. CVSS vector confirms network attack vector with low attack complexity, requiring low privileges and no user interaction.

Official resources

2026-05-27