PatchSiren cyber security CVE debrief
CVE-2026-57410 MailerPress Team CVE debrief
CVE-2026-57410 is an Incorrect Privilege Assignment vulnerability in MailerPress Team MailerPress. The vulnerability affects MailerPress from n/a through <= 2.0.2 and has a CVSS score of 8.8, indicating a high severity. The CVE record was published on 2026-07-13T10:16:34.767Z and has not been modified since then. This vulnerability allows for privilege escalation due to incorrect privilege assignment in the MailerPress plugin, potentially leading to unauthorized access and control of the affected system. Users should review the official CVE record and NVD details for further information. Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up. Review compensating controls for exposed systems while remediation is scheduled and verified.
- Vendor
- MailerPress Team
- Product
- MailerPress
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-13
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-13
- Advisory updated
- 2026-07-13
Who should care
Users of MailerPress plugin for WordPress, especially those using versions from n/a through <= 2.0.2, should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by an incorrect privilege assignment in the MailerPress plugin. This allows for privilege escalation, which can lead to unauthorized access and control of the affected system. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Defensive priority
High priority should be given to updating MailerPress to a version that is not vulnerable. Additionally, monitoring and compensating controls should be implemented to limit the impact of the vulnerability until a patch is applied.
Recommended defensive actions
- Update MailerPress to a version that is not vulnerable.
- Monitor for any suspicious activity on the affected system.
- Implement compensating controls to limit the impact of the vulnerability.
Evidence notes
The CVE record was published on 2026-07-13T10:16:34.767Z and has not been modified since then. The NVD entry is currently Received. The vulnerability was reported by [email protected]. Evidence is limited to CVE and NVD data, with no additional information available.
Official resources
-
CVE-2026-57410 CVE record
CVE.org
-
CVE-2026-57410 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:34.767Z and has not been modified since then. The NVD entry is currently Received.