CVE-2026-15293
WP Business Intelligence Lite <= 3.2.0 - Authenticated (Subscriber+) Missing Authorization to Privilege Escalation via Arbitrary SQL Modification
CVSS Score
8.0
EPSS Score
0.3%
EPSS Percentile
27th
The WP Business Intelligence Lite plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.2.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify stored SQL queries, which can lead to privilege escalation via arbitrary SQL execution when the modified query is viewed by an administrator.
| CWE | CWE-862 |
| Vendor | joeyoungblood |
| Product | wp business intelligence lite |
| Published | Jul 10, 2026 |
| Last Updated | Jul 10, 2026 |
Stay Ahead of the Next One
Get instant alerts for joeyoungblood wp business intelligence lite
Be the first to know when new high vulnerabilities affecting joeyoungblood wp business intelligence lite are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
joeyoungblood / WP Business Intelligence Lite
0 โค 3.2.0
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/a7e35f18-7659-4b97-b99f-b57ac941cb22?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/wp-business-intelligence-lite/tags/3.2.0/Admin/Menu/Query.php#L122 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/wp-business-intelligence-lite/tags/3.2.0/Loader.php#L81
Credits
Nabil Irawan