Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
Missing Authorization vulnerability in PublishPress PublishPress Authors publishpress-authors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Authors: from n/a through <= 4.10.1.
AnalysisAI
A missing authorization vulnerability in PublishPress Authors plugin versions up to 4.10.1 allows attackers to exploit incorrectly configured access control security levels, potentially bypassing authentication mechanisms. This vulnerability affects WordPress installations using the PublishPress Authors plugin and could enable unauthorized users to perform actions they should not be permitted to execute. The vulnerability is classified as an authentication bypass issue with CWE-862 (Missing Authorization), though specific CVSS scoring and exploitation data are not yet published.
Technical ContextAI
The vulnerability exists in the PublishPress Authors plugin for WordPress, identified via CPE cpe:2.3:a:publishpress:publishpress_authors:*:*:*:*:*:*:*:*. The root cause is classified under CWE-862 (Improper Access Control), which indicates that the plugin fails to properly validate user permissions before granting access to sensitive functionality or resources. PublishPress Authors is a WordPress plugin that manages authorship and author metadata; the broken access control suggests that the plugin's authorization checks for displaying, modifying, or managing author information are not properly enforced, potentially allowing users to access or modify author data beyond their intended permission scope.
RemediationAI
Update PublishPress Authors to a version newer than 4.10.1 as soon as a patched version is released by PublishPress. Check the official PublishPress website and WordPress plugin repository for available updates. Until a patch is available, implement the following compensating controls: restrict plugin functionality using WordPress role and capability management to limit which users can access author management features, disable the PublishPress Authors plugin if it is not actively required, and audit user access logs to detect any suspicious authorization bypass attempts. Consider using a Web Application Firewall (WAF) to monitor and block requests that attempt to exploit authorization bypass patterns if the plugin must remain active.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-15639
GHSA-mxc9-2x8m-2m26