PatchSiren cyber security CVE debrief
CVE-2026-39655 TeconceTheme CVE debrief
A Missing Authorization vulnerability in Mayosis Core (versions through 5.4.7) allows exploitation of incorrectly configured access control security levels. The vulnerability, classified as CWE-862 (Missing Authorization), permits unauthenticated attackers to bypass intended access controls. The CVSS 3.1 score of 5.3 (Medium severity) reflects a network attack vector with low attack complexity, no privileges required, no user interaction, and a limited integrity impact. The NVD entry status is currently Deferred, indicating the record is under review or awaiting additional analysis.
- Vendor: TeconceTheme
- Product: Mayosis Core
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-26
- Original CVE updated: 2026-05-26
- Advisory published: 2026-05-26
- Advisory updated: 2026-05-26
Who should care
WordPress site administrators using Mayosis Core plugin; security teams managing WordPress deployments; developers implementing access control in WordPress plugins
Technical summary
The Mayosis Core WordPress plugin contains a Missing Authorization vulnerability (CWE-862) in versions through 5.4.7. The flaw allows attackers to exploit incorrectly configured access control security levels without authentication. The vulnerability was reported by Patchstack and carries a CVSS 3.1 score of 5.3 (Medium). NVD status is Deferred, suggesting ongoing analysis or vendor coordination.
Defensive priority
medium
Recommended defensive actions
- Review and apply vendor-supplied patches for Mayosis Core when available
- Implement principle of least privilege for WordPress administrative functions
- Monitor WordPress audit logs for unauthorized access attempts to Mayosis Core endpoints
- Consider Web Application Firewall (WAF) rules to restrict access to sensitive plugin functionality pending patch
- Verify plugin version and remove or disable Mayosis Core if patching is not immediately feasible
Evidence notes
The vulnerability was identified by Patchstack and reported to CVE/NVD. The affected product is the Mayosis Core WordPress plugin by TeconceTheme. No known exploitation in the wild or ransomware campaign use is documented.
Official resources
- CVE-2026-39655 CVE record (CVE.org)
- CVE-2026-39655 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: 2026-05-26