Report: CVE-2026-8682 - 3D Viewer <= 2.0.1 - missing authorization to authenticated (subscriber+) arbitra...

CVE ID: CVE-2026-8682
Published: May 28, 2026, 6:45 a.m.
Description: The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify all plugin settings by writing arbitrary data to the ar_try_on_settings option in the database via the /wp-json/ar_try_on/v1/settings REST endpoint.
Severity: 0.0 | NA

CVE Details

Published
May 28, 2026
Affected Product: WordPress
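
One way to gate the REST route named in the description while an affected version is installed, written as an added example: a hypothetical must-use plugin, not code from the 3D Viewer plugin or its vendor. The function and constant names are invented for illustration, and the choice of `manage_options` as the required capability is an assumption (plugin settings are normally administrator-only).

```php
<?php
/**
 * Added example: hypothetical must-use plugin (e.g. wp-content/mu-plugins/).
 * Not part of the 3D Viewer plugin. Restricts the settings route named in
 * the CVE-2026-8682 description to users who can manage site options.
 */

// Route as given in the advisory, without the /wp-json prefix.
const EXAMPLE_GUARDED_ROUTE = '/ar_try_on/v1/settings';

add_filter( 'rest_pre_dispatch', 'example_guard_ar_try_on_settings', 10, 3 );

function example_guard_ar_try_on_settings( $result, $server, $request ) {
    // Respect a response already produced by an earlier filter.
    if ( null !== $result ) {
        return $result;
    }

    // REST route matching is case-insensitive, so normalise before comparing.
    $route = untrailingslashit( strtolower( $request->get_route() ) );
    if ( EXAMPLE_GUARDED_ROUTE !== $route ) {
        return $result;
    }

    // Assumption: only administrators should reach this route. This blocks
    // every HTTP method; if the front end reads settings through the same
    // route, relax the check for GET after confirming GET cannot write.
    if ( current_user_can( 'manage_options' ) ) {
        return $result;
    }

    // Leave a trace for review: who was refused, and with which method.
    error_log( sprintf(
        'Blocked %s %s for user ID %d (lacks manage_options)',
        $request->get_method(),
        $route,
        get_current_user_id()
    ) );

    // 401 for anonymous requests, 403 for logged-in users without the capability.
    return new WP_Error(
        'rest_forbidden',
        'You are not allowed to access these settings.',
        array( 'status' => rest_authorization_required_code() )
    );
}
```

Because the filter runs before the route's own callbacks, it applies regardless of what permission check the plugin registers; the `error_log` entries also show whether low-privileged accounts have been requesting the endpoint.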