Common Weakness Enumeration
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Back to CWE stats page
CWE-862
Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2026-4058 (GCVE-0-2026-4058)
Vulnerability from cvelistv5 – Published: 2026-06-09 09:28 – Updated: 2026-06-09 14:09
VLAI
Title
User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.3.2 - Missing Authorization to Authenticated (Subscriber+) Subscription Pack Cancellation
Summary
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the user_subscription_cancel() function in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cancel any user's subscription pack, including administrators.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| wedevs | User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration |
Affected:
0 , ≤ 4.3.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4058",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T14:09:20.531777Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T14:09:41.250Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership \u0026 User Registration",
"vendor": "wedevs",
"versions": [
{
"lessThanOrEqual": "4.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Supakiad S."
}
],
"descriptions": [
{
"lang": "en",
"value": "The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership \u0026 User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the user_subscription_cancel() function in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cancel any user\u0027s subscription pack, including administrators."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T09:28:31.713Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ffdf34bb-a887-444c-8a76-12901fed6662?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3528244/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-24T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2026-03-12T17:20:07.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-06-08T20:48:06.000Z",
"value": "Disclosed"
}
],
"title": "User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership \u0026 User Registration \u003c= 4.3.2 - Missing Authorization to Authenticated (Subscriber+) Subscription Pack Cancellation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-4058",
"datePublished": "2026-06-09T09:28:31.713Z",
"dateReserved": "2026-03-12T17:04:07.068Z",
"dateUpdated": "2026-06-09T14:09:41.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40581 (GCVE-0-2026-40581)
Vulnerability from cvelistv5 – Published: 2026-04-17 23:51 – Updated: 2026-04-20 16:15
VLAI
Title
ChurchCRM: Cross-Site Request Forgery (CSRF) in SelectDelete.php Leading to Permanent Data Deletion
Summary
ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the family record deletion endpoint (SelectDelete.php) performs permanent, irreversible deletion of family records and all associated data via a plain GET request with no CSRF token validation. An attacker can craft a malicious page that, when visited by an authenticated administrator, silently triggers deletion of targeted family records including associated notes, pledges, persons, and property data without any user interaction. This issue has been fixed in version 7.2.0.
Severity
8.1 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/ChurchCRM/CRM/security/advisor… | x_refsource_CONFIRM |
| https://github.com/ChurchCRM/CRM/pull/8613 | x_refsource_MISC |
| https://github.com/ChurchCRM/CRM/commit/393616286… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40581",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T16:09:32.310175Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T16:15:58.183Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CRM",
"vendor": "ChurchCRM",
"versions": [
{
"status": "affected",
"version": "\u003c 7.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the family record deletion endpoint (SelectDelete.php) performs permanent, irreversible deletion of family records and all associated data via a plain GET request with no CSRF token validation. An attacker can craft a malicious page that, when visited by an authenticated administrator, silently triggers deletion of targeted family records including associated notes, pledges, persons, and property data without any user interaction. This issue has been fixed in version 7.2.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T23:51:32.765Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ChurchCRM/CRM/security/advisories/GHSA-6qxv-xw9j-77pj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ChurchCRM/CRM/security/advisories/GHSA-6qxv-xw9j-77pj"
},
{
"name": "https://github.com/ChurchCRM/CRM/pull/8613",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ChurchCRM/CRM/pull/8613"
},
{
"name": "https://github.com/ChurchCRM/CRM/commit/39361628613af7682b813f3e62a412559616d674",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ChurchCRM/CRM/commit/39361628613af7682b813f3e62a412559616d674"
}
],
"source": {
"advisory": "GHSA-6qxv-xw9j-77pj",
"discovery": "UNKNOWN"
},
"title": "ChurchCRM: Cross-Site Request Forgery (CSRF) in SelectDelete.php Leading to Permanent Data Deletion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40581",
"datePublished": "2026-04-17T23:51:32.765Z",
"dateReserved": "2026-04-14T13:24:29.475Z",
"dateUpdated": "2026-04-20T16:15:58.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40592 (GCVE-0-2026-40592)
Vulnerability from cvelistv5 – Published: 2026-04-21 16:57 – Updated: 2026-04-21 19:10
VLAI
Title
FreeScout's cross-user undo reply allows mailbox peers to recall another agent's outbound reply
Summary
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the undo-send route `GET /conversation/undo-reply/{thread_id}` checks only whether the current user can view the parent conversation. It does not verify that the current user created the reply being undone. In a shared mailbox, one agent can therefore recall another agent's just-sent reply during the 15-second undo window. Version 1.8.214 fixes the vulnerability.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/freescout-help-desk/freescout/… | x_refsource_CONFIRM |
| https://github.com/freescout-help-desk/freescout/… | x_refsource_MISC |
| https://github.com/freescout-help-desk/freescout/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| freescout-help-desk | freescout |
Affected:
< 1.8.214
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40592",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-21T19:10:27.269388Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T19:10:40.989Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "freescout",
"vendor": "freescout-help-desk",
"versions": [
{
"status": "affected",
"version": "\u003c 1.8.214"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the undo-send route `GET /conversation/undo-reply/{thread_id}` checks only whether the current user can view the parent conversation. It does not verify that the current user created the reply being undone. In a shared mailbox, one agent can therefore recall another agent\u0027s just-sent reply during the 15-second undo window. Version 1.8.214 fixes the vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T16:57:33.146Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-674v-r6xp-mvp6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-674v-r6xp-mvp6"
},
{
"name": "https://github.com/freescout-help-desk/freescout/commit/c779afdda86fa00a4b85779e034bbfd9ce20c76d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/freescout-help-desk/freescout/commit/c779afdda86fa00a4b85779e034bbfd9ce20c76d"
},
{
"name": "https://github.com/freescout-help-desk/freescout/releases/tag/1.8.214",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/freescout-help-desk/freescout/releases/tag/1.8.214"
}
],
"source": {
"advisory": "GHSA-674v-r6xp-mvp6",
"discovery": "UNKNOWN"
},
"title": "FreeScout\u0027s cross-user undo reply allows mailbox peers to recall another agent\u0027s outbound reply"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40592",
"datePublished": "2026-04-21T16:57:33.146Z",
"dateReserved": "2026-04-14T14:07:59.641Z",
"dateUpdated": "2026-04-21T19:10:40.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40601 (GCVE-0-2026-40601)
Vulnerability from cvelistv5 – Published: 2026-04-30 18:22 – Updated: 2026-05-04 13:23
VLAI
Title
Chartbrew: Missing Authorization in /api/chart/:chart_id/query via team-level refresh toggle
Summary
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes POST /api/chart/:chart_id/query without authentication. The endpoint only checks team.allowReportRefresh and does not verify that the target chart belongs to a public report, that the project is public, or that sharing policy allows the operation. An unauthenticated attacker who knows a chart identifier can trigger a data refresh and retrieve the current data of private charts. This issue has been patched in version 5.0.0.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/chartbrew/chartbrew/security/a… | x_refsource_CONFIRM |
| https://github.com/chartbrew/chartbrew/releases/t… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40601",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-04T13:23:18.016489Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T13:23:24.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "chartbrew",
"vendor": "chartbrew",
"versions": [
{
"status": "affected",
"version": "= 4.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes POST /api/chart/:chart_id/query without authentication. The endpoint only checks team.allowReportRefresh and does not verify that the target chart belongs to a public report, that the project is public, or that sharing policy allows the operation. An unauthenticated attacker who knows a chart identifier can trigger a data refresh and retrieve the current data of private charts. This issue has been patched in version 5.0.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T18:22:43.557Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/chartbrew/chartbrew/security/advisories/GHSA-cpr6-mhgm-893w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/chartbrew/chartbrew/security/advisories/GHSA-cpr6-mhgm-893w"
},
{
"name": "https://github.com/chartbrew/chartbrew/releases/tag/v5.0.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/chartbrew/chartbrew/releases/tag/v5.0.0"
}
],
"source": {
"advisory": "GHSA-cpr6-mhgm-893w",
"discovery": "UNKNOWN"
},
"title": "Chartbrew: Missing Authorization in /api/chart/:chart_id/query via team-level refresh toggle"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40601",
"datePublished": "2026-04-30T18:22:43.557Z",
"dateReserved": "2026-04-14T14:07:59.641Z",
"dateUpdated": "2026-05-04T13:23:24.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40623 (GCVE-0-2026-40623)
Vulnerability from cvelistv5 – Published: 2026-04-23 23:58 – Updated: 2026-04-24 18:18
VLAI
Title
SenseLive X3050 Missing Authorization
Summary
A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive functions, parameters such as IP addressing, watchdog timers, reconnect intervals, and service ports can be set to unsupported or unsafe values. These configuration changes directly affect core device behaviour and recovery mechanisms. The lack of proper validation and safeguards allows critical system functions to be altered in a manner that can destabilize device operation or render the device persistently unavailable.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Date Public
2026-04-21 16:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40623",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-24T17:05:39.233646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T18:18:37.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "X3050",
"vendor": "SenseLive",
"versions": [
{
"status": "affected",
"version": "V1.523"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jithin Nambiar J reported these vulnerabilities to CISA."
}
],
"datePublic": "2026-04-21T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in\u0026nbsp;SenseLive\u0026nbsp;X3050\u0027s web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive functions, parameters such as IP addressing, watchdog timers, reconnect intervals, and service ports can be set to unsupported or unsafe values. These configuration changes directly affect core device behaviour and recovery mechanisms. The lack of proper validation and safeguards allows critical system functions to be altered in a manner that can destabilize device operation or render the device persistently unavailable."
}
],
"value": "A vulnerability in\u00a0SenseLive\u00a0X3050\u0027s web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive functions, parameters such as IP addressing, watchdog timers, reconnect intervals, and service ports can be set to unsupported or unsafe values. These configuration changes directly affect core device behaviour and recovery mechanisms. The lack of proper validation and safeguards allows critical system functions to be altered in a manner that can destabilize device operation or render the device persistently unavailable."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T23:58:47.343Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://senselive.io/contact"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-12"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-12.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SenseLive did not respond to CISA\u0027s requests to coordinate. Affected users are encouraged to reach out to SenseLive for more information. https://senselive.io/contact\u0026nbsp;"
}
],
"value": "SenseLive did not respond to CISA\u0027s requests to coordinate. Affected users are encouraged to reach out to SenseLive for more information. https://senselive.io/contact"
}
],
"source": {
"advisory": "ICSA-26-111-12",
"discovery": "EXTERNAL"
},
"title": "SenseLive X3050 Missing Authorization",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-40623",
"datePublished": "2026-04-23T23:58:47.343Z",
"dateReserved": "2026-04-14T15:57:14.970Z",
"dateUpdated": "2026-04-24T18:18:37.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4063 (GCVE-0-2026-4063)
Vulnerability from cvelistv5 – Published: 2026-03-13 09:25 – Updated: 2026-04-08 16:58
VLAI
Title
Social Icons Widget & Block <= 4.5.8 - Missing Authorization to Authenticated (Subscriber+) Sharing Configuration Creation
Summary
The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the add_menu_item() method hooked to admin_menu in all versions up to, and including, 4.5.8. This is due to the method performing wp_insert_post() and update_post_meta() calls to create a sharing configuration without verifying the current user has administrator-level capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger the creation of a published wpzoom-sharing configuration post with default sharing button settings, which causes social sharing buttons to be automatically injected into all post content on the frontend via the the_content filter.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| wpzoom | Social Icons Widget & Block – Social Media Icons & Share Buttons |
Affected:
0 , ≤ 4.5.8
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4063",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-13T15:57:20.749250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-13T15:57:28.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Social Icons Widget \u0026 Block \u2013 Social Media Icons \u0026 Share Buttons",
"vendor": "wpzoom",
"versions": [
{
"lessThanOrEqual": "4.5.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "darkestmode"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Social Icons Widget \u0026 Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the add_menu_item() method hooked to admin_menu in all versions up to, and including, 4.5.8. This is due to the method performing wp_insert_post() and update_post_meta() calls to create a sharing configuration without verifying the current user has administrator-level capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger the creation of a published wpzoom-sharing configuration post with default sharing button settings, which causes social sharing buttons to be automatically injected into all post content on the frontend via the the_content filter."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:58:55.714Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6af64b51-1758-495f-b6d7-364488de9ab8?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/social-icons-widget-by-wpzoom/trunk/includes/classes/class-wpzoom-social-sharing-buttons.php#L110"
},
{
"url": "https://plugins.trac.wordpress.org/browser/social-icons-widget-by-wpzoom/tags/4.5.8/includes/classes/class-wpzoom-social-sharing-buttons.php#L110"
},
{
"url": "https://plugins.trac.wordpress.org/browser/social-icons-widget-by-wpzoom/tags/4.5.8/includes/classes/class-wpzoom-social-sharing-buttons.php#L134"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3481444%40social-icons-widget-by-wpzoom%2Ftrunk\u0026old=3462717%40social-icons-widget-by-wpzoom%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-12T19:20:35.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-03-12T20:38:20.000Z",
"value": "Disclosed"
}
],
"title": "Social Icons Widget \u0026 Block \u003c= 4.5.8 - Missing Authorization to Authenticated (Subscriber+) Sharing Configuration Creation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-4063",
"datePublished": "2026-03-13T09:25:00.829Z",
"dateReserved": "2026-03-12T17:32:50.022Z",
"dateUpdated": "2026-04-08T16:58:55.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4064 (GCVE-0-2026-4064)
Vulnerability from cvelistv5 – Published: 2026-03-17 19:14 – Updated: 2026-03-17 20:03
VLAI
Summary
Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with any valid token to bypass role-based access controls and perform privileged operations — including reading sensitive data, creating or deleting resources, and disrupting service operations — via crafted gRPC requests.
Severity
8.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Devolutions | PowerShell Universal |
Affected:
2026.1.0 , < 2026.1.4
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4064",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-17T20:03:16.122611Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-17T20:03:19.106Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerShell Universal",
"vendor": "Devolutions",
"versions": [
{
"lessThan": "2026.1.4",
"status": "affected",
"version": "2026.1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cspan\u003eMissing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with any valid token to bypass role-based access controls and perform privileged operations \u2014 including reading sensitive data, creating or deleting resources, and disrupting service operations \u2014 via crafted gRPC requests.\u003c/span\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with any valid token to bypass role-based access controls and perform privileged operations \u2014 including reading sensitive data, creating or deleting resources, and disrupting service operations \u2014 via crafted gRPC requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-17T19:14:17.189Z",
"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"shortName": "DEVOLUTIONS"
},
"references": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2026-0008"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"assignerShortName": "DEVOLUTIONS",
"cveId": "CVE-2026-4064",
"datePublished": "2026-03-17T19:14:17.189Z",
"dateReserved": "2026-03-12T17:37:00.624Z",
"dateUpdated": "2026-03-17T20:03:19.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4065 (GCVE-0-2026-4065)
Vulnerability from cvelistv5 – Published: 2026-04-07 21:26 – Updated: 2026-04-08 16:53
VLAI
Title
Smart Slider 3 <= 3.5.1.33 - Missing Authorization to Authenticated (Contributor+) Slider Data Read and Image Record Manipulation
Summary
The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple wp_ajax_smart-slider3 controller actions in all versions up to, and including, 3.5.1.33. The display_admin_ajax() method does not call checkForCap() (which requires unfiltered_html capability), and several controller actions only validate the nonce (validateToken()) without calling validatePermission(). This makes it possible for authenticated attackers, with Contributor-level access and above, to enumerate slider metadata and create, modify, and delete image storage records by obtaining the nextend_nonce exposed on post editor pages.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
7 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nextendweb | Smart Slider 3 |
Affected:
0 , ≤ 3.5.1.33
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4065",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T14:29:43.699842Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T14:29:55.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Smart Slider 3",
"vendor": "nextendweb",
"versions": [
{
"lessThanOrEqual": "3.5.1.33",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "darkestmode"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple wp_ajax_smart-slider3 controller actions in all versions up to, and including, 3.5.1.33. The display_admin_ajax() method does not call checkForCap() (which requires unfiltered_html capability), and several controller actions only validate the nonce (validateToken()) without calling validatePermission(). This makes it possible for authenticated attackers, with Contributor-level access and above, to enumerate slider metadata and create, modify, and delete image storage records by obtaining the nextend_nonce exposed on post editor pages."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:53:07.718Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/53a08b59-b7e0-419a-bfc3-528bcddb1ac2?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/smart-slider-3/tags/3.5.1.32/Nextend/SmartSlider3/Platform/WordPress/Admin/AdminHelper.php#L155"
},
{
"url": "https://plugins.trac.wordpress.org/browser/smart-slider-3/trunk/Nextend/SmartSlider3/Platform/WordPress/Admin/AdminHelper.php#L155"
},
{
"url": "https://plugins.trac.wordpress.org/browser/smart-slider-3/tags/3.5.1.32/Nextend/SmartSlider3/Application/Admin/Sliders/ControllerAjaxSliders.php#L26"
},
{
"url": "https://plugins.trac.wordpress.org/browser/smart-slider-3/tags/3.5.1.32/Nextend/Framework/Image/ControllerAjaxImage.php#L37"
},
{
"url": "https://plugins.trac.wordpress.org/browser/smart-slider-3/tags/3.5.1.32/Nextend/SmartSlider3/Platform/WordPress/HelperTinyMCE.php#L30"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3489689%40smart-slider-3%2Ftrunk\u0026old=3439582%40smart-slider-3%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-12T17:56:45.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-04-07T08:51:34.000Z",
"value": "Disclosed"
}
],
"title": "Smart Slider 3 \u003c= 3.5.1.33 - Missing Authorization to Authenticated (Contributor+) Slider Data Read and Image Record Manipulation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-4065",
"datePublished": "2026-04-07T21:26:20.357Z",
"dateReserved": "2026-03-12T17:41:32.556Z",
"dateUpdated": "2026-04-08T16:53:07.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4066 (GCVE-0-2026-4066)
Vulnerability from cvelistv5 – Published: 2026-03-23 22:25 – Updated: 2026-04-08 17:05
VLAI
Title
Smart Custom Fields <= 5.0.6 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Relational Post Search
Summary
The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational_posts_search() function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to read private and draft post content from other authors via the smart-cf-relational-posts-search AJAX action. The function queries posts with post_status=any and returns full WP_Post objects including post_content, but only checks the generic edit_posts capability instead of verifying whether the requesting user has permission to read each individual post.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| inc2734 | Smart Custom Fields |
Affected:
0 , ≤ 5.0.6
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4066",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-24T13:58:26.021876Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T13:59:08.877Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Smart Custom Fields",
"vendor": "inc2734",
"versions": [
{
"lessThanOrEqual": "5.0.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "darkestmode"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational_posts_search() function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to read private and draft post content from other authors via the smart-cf-relational-posts-search AJAX action. The function queries posts with post_status=any and returns full WP_Post objects including post_content, but only checks the generic edit_posts capability instead of verifying whether the requesting user has permission to read each individual post."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:05:11.962Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/87f52e3a-e414-4f47-b46c-e3811e76744b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/smart-custom-fields/trunk/classes/fields/class.field-related-posts.php#L101"
},
{
"url": "https://plugins.trac.wordpress.org/browser/smart-custom-fields/trunk/classes/fields/class.field-related-posts.php#L78"
},
{
"url": "https://plugins.trac.wordpress.org/browser/smart-custom-fields/trunk/classes/fields/class.field-related-posts.php#L143"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3485210%40smart-custom-fields%2Ftrunk\u0026old=3416964%40smart-custom-fields%2Ftrunk\u0026sfp_email=\u0026sfph_mail=#file2"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-12T18:59:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-03-23T09:49:02.000Z",
"value": "Disclosed"
}
],
"title": "Smart Custom Fields \u003c= 5.0.6 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Relational Post Search"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-4066",
"datePublished": "2026-03-23T22:25:39.149Z",
"dateReserved": "2026-03-12T18:43:28.699Z",
"dateUpdated": "2026-04-08T17:05:11.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40722 (GCVE-0-2026-40722)
Vulnerability from cvelistv5 – Published: 2026-06-17 08:40 – Updated: 2026-06-17 10:35
VLAI
Title
WordPress Yoast SEO Premium plugin <= 26.6 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Yoast SEO Premium: from n/a through 26.6.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Yoast BV | Yoast SEO Premium |
Affected:
n/a , ≤ 26.6
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40722",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T10:23:38.389863Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T10:35:26.509Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Yoast SEO Premium",
"vendor": "Yoast BV",
"versions": [
{
"changes": [
{
"at": "26.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "26.6",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "ilicfilip | Patchstack Bug Bounty Program"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Yoast SEO Premium: from n/a through 26.6.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Yoast SEO Premium: from n/a through 26.6."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T08:40:37.888Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/wordpress-seo-premium/vulnerability/wordpress-yoast-seo-premium-plugin-26-6-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Yoast SEO Premium Plugin to the latest available version (at least 26.7)."
}
],
"value": "Update the WordPress Yoast SEO Premium Plugin to the latest available version (at least 26.7)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Yoast SEO Premium plugin \u003c= 26.6 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-40722",
"datePublished": "2026-06-17T08:40:37.888Z",
"dateReserved": "2026-04-15T09:19:20.452Z",
"dateUpdated": "2026-06-17T10:35:26.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Architecture and Design
Description:
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Phase: Architecture and Design
Description:
- Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation ID: MIT-4.4
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Description:
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
Phase: Architecture and Design
Description:
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Phases: System Configuration, Installation
Description:
- Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.