๐Ÿ” CVE Alert

CVE-2026-15293

HIGH 8.0

WP Business Intelligence Lite <= 3.2.0 - Authenticated (Subscriber+) Missing Authorization to Privilege Escalation via Arbitrary SQL Modification

CVSS Score
8.0
EPSS Score
0.3%
EPSS Percentile
27th

The WP Business Intelligence Lite plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.2.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify stored SQL queries, which can lead to privilege escalation via arbitrary SQL execution when the modified query is viewed by an administrator.

CWE CWE-862
Vendor joeyoungblood
Product wp business intelligence lite
Published Jul 10, 2026
Last Updated Jul 10, 2026
Stay Ahead of the Next One

Get instant alerts for joeyoungblood wp business intelligence lite

Be the first to know when new high vulnerabilities affecting joeyoungblood wp business intelligence lite are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

joeyoungblood / WP Business Intelligence Lite
0 โ‰ค 3.2.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/a7e35f18-7659-4b97-b99f-b57ac941cb22?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/wp-business-intelligence-lite/tags/3.2.0/Admin/Menu/Query.php#L122 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/wp-business-intelligence-lite/tags/3.2.0/Loader.php#L81

Credits

Nabil Irawan