PatchSiren cyber security CVE debrief
CVE-2026-57406 Roxnor CVE debrief
A Missing Authorization vulnerability in Roxnor FundEngine wp-fundraising-donation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FundEngine: from n/a through <= 1.7.6. The vulnerability has a CVSS score of 6.5 and is classified as MEDIUM severity. Users of FundEngine wp-fundraising-donation plugin for WordPress should verify their installation and update to a patched version if necessary. The CVE record was published on 2026-07-13T10:16:34.300Z and has not been modified since.
- Vendor
- Roxnor
- Product
- FundEngine
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-13
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-13
- Advisory updated
- 2026-07-13
Who should care
Users of FundEngine wp-fundraising-donation plugin for WordPress should verify their installation and update to a patched version if necessary. Administrators of WordPress installations with the plugin installed should review and adjust access control configurations to prevent exploitation.
Technical summary
The CVE-2026-57406 vulnerability has a CVSS score of 6.5 and is classified as MEDIUM severity. The vulnerability is caused by a Missing Authorization issue in the Roxnor FundEngine wp-fundraising-donation plugin. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L. The vulnerability affects FundEngine: from n/a through <= 1.7.6.
Defensive priority
Medium priority due to the potential for exploitation and the availability of patches.
Recommended defensive actions
- Verify the version of FundEngine wp-fundraising-donation and update to a patched version if necessary.
- Implement compensating controls to monitor and restrict access to sensitive areas of the plugin.
- Review and adjust access control configurations to prevent exploitation.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
Evidence notes
The CVE record was published on 2026-07-13T10:16:34.300Z and has not been modified since. The NVD entry is currently Received. Limited information is available about the vulnerability, and further investigation is recommended. The vulnerability affects FundEngine wp-fundraising-donation plugin for WordPress, and users should verify their installation and update to a patched version if necessary.
Official resources
-
CVE-2026-57406 CVE record
CVE.org
-
CVE-2026-57406 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:34.300Z and has not been modified since.