CVE-2026-27542
CVE-2026-27542 and CVE-2026-27540 affect the WordPress WooCommerce Wholesale Lead Capture plugin up to version 2.0.3.1. CVE-2026-27542 is an unauthenticated privilege-escalation in wwlc_create_user that can inject arbitrary WordPress capabilities (including administrator) during registration, ena...