CVE-2025-26741

Description

Missing Authorization vulnerability in AWEOS GmbH Email Notifications for Updates wp-update-mail-notification allows Privilege Escalation.This issue affects Email Notifications for Updates: from n/a through <= 1.1.6.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

AWEOS GmbH / Email Notifications for Updates0 – 1.1.6

References

MISChttps://patchstack.com/database/Wordpress/Plugin/wp-update-mail-notification/vulnerability/wordpress-email-notifications-for-updates-1-1-6-privilege-escalation-vulnerability?_s_id=cve