Skip to main content

Influencer CVE-2026-32370

| EUVDEUVD-2026-11866 MEDIUM
Missing Authorization (CWE-862)
2026-03-13 Patchstack
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 13, 2026 - 16:57 euvd
EUVD-2026-11866
Analysis Generated
Mar 13, 2026 - 16:57 vuln.today
CVE Published
Mar 13, 2026 - 11:42 nvd
MEDIUM 5.3

DescriptionCVE.org

Missing Authorization vulnerability in raratheme Influencer influencer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Influencer: from n/a through <= 1.1.7.

AnalysisAI

Improper access control in raratheme Influencer through version 1.1.7 allows unauthenticated remote attackers to modify data or resources due to incorrectly configured authorization checks. The vulnerability requires no user interaction and can be exploited over the network, though no patch is currently available.

Technical ContextAI

The vulnerability exists in the raratheme Influencer plugin (identified via CPE as cpe:2.3:a:raratheme:influencer), which is a WordPress plugin framework for influencer management and collaboration. The root cause is classified under CWE-862 (Missing Authorization), indicating that the plugin fails to properly enforce authorization checks on sensitive operations, likely in REST API endpoints or form handlers that process requests without validating user permissions. This is a common misconfiguration in WordPress plugin development where developers implement functionality but fail to add proper capability checks (is_user_logged_in(), current_user_can()) or nonce verification before processing critical operations. The affected versions through 1.1.7 suggest the vulnerability has persisted across multiple releases without remediation.

RemediationAI

Immediately upgrade the raratheme Influencer plugin to the first patched version released after 1.1.7 through the WordPress plugin management interface or via direct download from the official raratheme repository. If immediate patching is not possible, implement network-level access controls by restricting HTTP POST/PUT/DELETE requests to the plugin's REST API endpoints to authenticated users only, configure a Web Application Firewall (WAF) rule to require valid authentication headers, and audit recent access logs for any unauthorized modification attempts. Additionally, review plugin-generated data integrity through backup restoration and audit trails to identify any malicious changes that may have occurred during the vulnerability window.

Share

CVE-2026-32370 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy