CVE-2026-27351 WordPress Crew HRM plugin <= 1.2.2 - Broken Access Control vulnerability

🗓️ 02 Jun 2026 14:01:46Reported by PatchstackType

Broken access control in WordPress Crew HRM plugin up to 1.2.2 due to missing authorization.

Reporter	Title	Published	Views	Family All 8
ATTACKERKB	CVE-2026-27351	2 Jun 202614:01	–	attackerkb
CVE	CVE-2026-27351	2 Jun 202614:01	–	cve
EUVD	EUVD-2026-33931	2 Jun 202614:01	–	euvd
NVD	CVE-2026-27351	2 Jun 202614:16	–	nvd
Patchstack	WordPress Crew HRM plugin <= 1.2.2 - Broken Access Control vulnerability	2 Jun 202614:01	–	patchstack
Positive Technologies	PT-2026-45747	2 Jun 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-27351	5 Jun 202619:33	–	redhatcve
Vulnrichment	CVE-2026-27351 WordPress Crew HRM plugin <= 1.2.2 - Broken Access Control vulnerability	2 Jun 202614:01	–	vulnrichment

[
  {
    "vendor": "Sekander Badsha",
    "product": "Crew HRM",
    "collectionURL": "https://wordpress.org/plugins",
    "packageName": "hr-management",
    "versions": [
      {
        "status": "affected",
        "version": "n/a",
        "lessThanOrEqual": "1.2.2",
        "changes": [
          {
            "at": "1.2.3",
            "status": "unaffected"
          }
        ],
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
patchstack	www.patchstack.com/database/wordpress/plugin/hr-management/vulnerability/wordpress-crew-hrm-plugin-1-2-2-broken-access-control-vulnerability

02 Jun 2026 14:01Current

CVSS 3.15.4

EPSS0.0017

CWE-862