MEDIUM
Patchstack
CVE published 2026-01-08
CVE-2026-0674
CVE-2026-0674 describes a missing-authorization / broken-access-control issue in Campaign Monitor for WordPress, affecting versions through 2.9.1. Based on the supplied NVD record and Patchstack reference, the flaw can allow a low-privileged actor to reach actions that should require stronger authorization, creating an integrity risk for affected WordPress sites.