2 matches found
CVE-2026-8682
creationtimestamp| type| source ---|---|--- 2026-05-28 11:53:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmvxjnpgei2i...
CVE-2026-8682 3D Viewer <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification via settings REST endpoint
The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...