🔐 CVE Alert

CVE-2026-3829

MEDIUM 5.4

WP Encryption - One Click SSL & Force HTTPS <= 7.8.5.10 - Missing Authorization to Authenticated (Subscriber+) SSL Setup Tampering

CVSS Score
5.4
EPSS Score
0.0%
EPSS Percentile
0th

The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'wple_basic_get_requests' function in all versions up to, and including, 7.8.5.10. This makes it possible for authenticated attackers, with subscriber level access and above, to reset the SSL setup state, force SSL to appear complete, and modify plan selection options.

CWE CWE-862
Vendor gowebsmarty
Product wp encryption – one click free ssl certificate & ssl / https redirect, security & ssl scan
Published May 14, 2026
Stay Ahead of the Next One

Get instant alerts for gowebsmarty wp encryption – one click free ssl certificate & ssl / https redirect, security & ssl scan

Be the first to know when new medium vulnerabilities affecting gowebsmarty wp encryption – one click free ssl certificate & ssl / https redirect, security & ssl scan are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

gowebsmarty / WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan
0 ≤ 7.8.5.10

References

NVD ↗ CVE.org ↗ EPSS Data ↗
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/9a09ec65-32e4-4841-a365-f67c15b80bf9?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?old_path=wp-letsencrypt-ssl/tags/7.8.5.10/admin/le_admin.php&new_path=wp-letsencrypt-ssl/tags/7.8.5.11/admin/le_admin.php plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?old_path=wp-letsencrypt-ssl/tags/7.8.5.10/admin/le_handlers.php&new_path=wp-letsencrypt-ssl/tags/7.8.5.11/admin/le_handlers.php

Credits

Kitch Global