PatchSiren cyber security CVE debrief
CVE-2026-40782 Greg Winiarski CVE debrief
CVE-2026-40782 is a MEDIUM severity vulnerability with a CVSS score of 6.5. It is an Unauthenticated Broken Access Control issue affecting WPAdverts plugin versions up to 2.3.0.
- Vendor
- Greg Winiarski
- Product
- WPAdverts
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of WPAdverts plugin versions up to 2.3.0 should apply patches or mitigations to prevent exploitation.
Technical summary
The vulnerability has been described as CWE-862. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply patches or updates to WPAdverts plugin to version above 2.3.0.
- Restrict access to sensitive areas of the plugin if patches cannot be applied immediately.
Evidence notes
Evidence from Patchstack indicates the vulnerability exists in WPAdverts plugin versions up to 2.3.0.
Official resources
-
CVE-2026-40782 CVE record
CVE.org
-
CVE-2026-40782 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-40782 was published on 2026-06-15T21:16:50.700Z and modified on 2026-06-15T21:24:32.790Z.