A vulnerability, which was classified as critical, has been found in WP Grid Builder Plugin up to 2.3.3 on WordPress. This vulnerability affects the function
update of the file /wp-json/wpgb/v2/metadata of the component REST Endpoint. Performing a manipulation of the argument wp_capabilities results in missing authorization.
This vulnerability is identified as CVE-2026-13756. The attack can be initiated remotely. There is not any exploit available.