HIGH
joeyoungblood
CVE published 2026-07-10
CVE-2026-15293
The WP Business Intelligence Lite plugin for WordPress has an authorization bypass vulnerability in all versions up to and including 3.2.0. This vulnerability allows authenticated attackers with Subscriber-level access and above to modify stored SQL queries. When these modified queries are viewed by an administrator, it can lead to privilege escalation via arbitrary SQL execution.