Aryan Shirani Bid Abadi Site Suggest CVE-2026-28104
MEDIUMSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Lifecycle Timeline
2DescriptionCVE.org
Missing Authorization vulnerability in Aryan Shirani Bid Abadi Site Suggest site-suggest allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Site Suggest: from n/a through <= 1.3.9.
AnalysisAI
Site Suggest plugin version 1.3.9 and earlier lacks proper access control checks, enabling unauthenticated remote attackers to access restricted functionality and modify data. The vulnerability affects installations without authentication requirements and could allow attackers to manipulate site suggestions or related content without authorization. No patch is currently available.
Technical ContextAI
Classified as CWE-862 (Missing Authorization). Affects Aryan Shirani Bid Abadi Site Suggest site-suggest. Missing Authorization vulnerability in Aryan Shirani Bid Abadi Site Suggest site-suggest allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Site Suggest: from n/a through <= 1.3.9.
Affected ProductsAI
Product: Aryan Shirani Bid Abadi Site Suggest site-suggest.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today