Skip to main content

Studio99 Wp Monitor CVE-2026-32404

| EUVDEUVD-2026-11921 MEDIUM
Missing Authorization (CWE-862)
2026-03-13 Patchstack
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 13, 2026 - 16:57 euvd
EUVD-2026-11921
Analysis Generated
Mar 13, 2026 - 16:57 vuln.today
CVE Published
Mar 13, 2026 - 11:42 nvd
MEDIUM 5.3

DescriptionCVE.org

Missing Authorization vulnerability in Studio99 Studio99 WP Monitor studio99-wp-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Studio99 WP Monitor: from n/a through <= 1.0.3.

AnalysisAI

Studio99 WP Monitor versions through 1.0.3 contain a missing authorization vulnerability (CWE-862) that allows unauthenticated attackers to modify data or settings due to incorrectly configured access controls. The vulnerability has a CVSS score of 5.3 with a network attack vector requiring no privileges or user interaction, enabling integrity compromise without authentication. There is no indication of active exploitation in the wild or public proof-of-concept code at this time, though the low attack complexity and network accessibility make this a moderate priority for WordPress site administrators running this monitoring plugin.

Technical ContextAI

Studio99 WP Monitor is a WordPress plugin designed for site monitoring and administration. The vulnerability stems from CWE-862 (Missing Authorization), which occurs when the application fails to properly verify user permissions before allowing access to sensitive operations or data modification endpoints. In WordPress plugins, this typically manifests as missing capability checks on AJAX handlers, REST API endpoints, or admin form submissions. The affected product (cpe:2.3:a:studio99:studio99-wp-monitor) uses the standard WordPress authentication and authorization framework, but the plugin developers failed to implement proper nonce validation, role checks, or capability verification on critical functionality, allowing any network-based attacker to craft requests that bypass access control layers and modify plugin settings or monitored data.

RemediationAI

The primary remediation is to upgrade Studio99 WP Monitor to a version newer than 1.0.3 where authorization checks have been implemented. Administrators should check the WordPress plugin repository or Studio99's official website for patch availability and apply updates immediately through the standard WordPress plugin update mechanism. As an interim mitigation if patching is delayed, restrict access to the WordPress admin dashboard and plugin settings to trusted IP addresses using a WAF or web server configuration, disable unnecessary AJAX endpoints if the plugin exposes them, and implement Web Application Firewall rules to detect and block requests attempting to modify plugin settings without proper authentication tokens. Additionally, enable WordPress security logging and monitor access logs for suspicious requests to the plugin's functionality endpoints.

Share

CVE-2026-32404 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy