CVE-2026-2001P2HIGHCVSS 8.8≤ 2.1.32026-02-16
CVE-2026-2001 [HIGH] CWE-862 CVE-2026-2001: The WowRevenue plugin for WordPress is vulnerable to unauthorized plugin installation due to a missi
The WowRevenue plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'Notice::install_activate_plugin' function in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins on the affected sit
nvd