PatchSiren cyber security CVE debrief
CVE-2026-40796 ollybach CVE debrief
A Subscriber Sensitive Data Exposure vulnerability was discovered in WPPizza versions up to 3.19.9. This vulnerability has been assigned a CVSS score of 6.5, indicating a medium severity level. The vulnerability allows an attacker to access sensitive subscriber data, potentially leading to privacy issues and other security concerns.
- Vendor: ollybach
- Product: WPPizza
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Users of WPPizza plugin versions up to 3.19.9 should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is caused by inadequate access controls, allowing low-privileged users to access sensitive data. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.
Defensive priority
medium
Recommended defensive actions
- Update WPPizza to a version that fixes this vulnerability.
- Review and restrict access to sensitive subscriber data.
- Monitor for any suspicious activity related to subscriber data access.
Evidence notes
Evidence for this vulnerability comes from Patchstack, as referenced in the CVE record.
Official resources
- CVE-2026-40796 CVE record (CVE.org)
- CVE-2026-40796 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference
CVE-2026-40796 was published on 2026-06-15T21:16:52.023Z and modified on 2026-06-15T21:24:32.790Z.