CVE-2026-27542

CRITICAL EXPLOITED

WordPress Woocommerce Wholesale Lead Capture plugin <= 2.0.3.1 - Privilege Escalation vulnerability

Title source: cna

Description

Incorrect Privilege Assignment vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture woocommerce-wholesale-lead-capture allows Privilege Escalation.This issue affects Woocommerce Wholesale Lead Capture: from n/a through <= 2.0.3.1.

Exploits (1)

nomisec WORKING POC

by Nxploited · remote

https://github.com/Nxploited/CVE-2026-27542-CVE-2026-27540-

View Code ZIP pw:eip

References (2)

[Vdb Entry] https://patchstack.com/database/wordpress/plugin/woocommerce-wholesale-lead-capture/vulnerability/wordpress-woocommerce-wholesale-lead-capture-plugin-1-17-8-privilege-escalation-vulnerability?_s_id=cve

[Vdb Entry] https://patchstack.com/database/Wordpress/Plugin/woocommerce-wholesale-lead-capture/vulnerability/wordpress-woocommerce-wholesale-lead-capture-plugin-1-17-8-privilege-escalation-vulnerability?_s_id=cve

Scores

CVSS v3 9.8

EPSS 0.0001

EPSS Percentile 0.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2026-02-20

CWE

CWE-266

Status published

Products (1)

Rymera Web Co Pty Ltd./Woocommerce Wholesale Lead Capture < 2.0.3.1

Published Mar 19, 2026

Tracked Since Mar 19, 2026