Skip to main content

Pdf Poster CVE-2026-32416

| EUVDEUVD-2026-11937 MEDIUM
Missing Authorization (CWE-862)
2026-03-13 Patchstack
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low

Lifecycle Timeline

3
EUVD ID Assigned
Mar 13, 2026 - 16:57 euvd
EUVD-2026-11937
Analysis Generated
Mar 13, 2026 - 16:57 vuln.today
CVE Published
Mar 13, 2026 - 11:42 nvd
MEDIUM 5.4

DescriptionCVE.org

Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF Poster: from n/a through <= 2.4.0.

AnalysisAI

bPlugins PDF Poster through version 2.4.0 contains an authorization bypass vulnerability that allows authenticated users to modify or disrupt PDF operations due to improperly configured access controls. An attacker with valid credentials could exploit this flaw to manipulate data integrity or cause service disruption without proper authorization checks.

Technical ContextAI

The vulnerability is rooted in CWE-862 (Missing Authorization), a fundamental access control flaw where the application fails to properly enforce authorization checks before allowing sensitive operations. The PDF Poster plugin, identified via CPE string cpe:2.3:a:bplugins:pdf-poster, is a WordPress plugin designed for PDF document handling and poster generation. The issue stems from incorrectly configured security levels in the plugin's role-based access control implementation, allowing authenticated users with lower privilege levels to access or modify functionality that should be restricted to higher-privileged roles (administrators or specific user groups). This is a common pattern in WordPress plugins where custom post types or AJAX endpoints lack proper capability checks.

RemediationAI

Immediately upgrade bPlugins PDF Poster to version 2.4.1 or later, which patches the authorization bypass by implementing proper capability checks and role-based access control enforcement. Patch availability should be verified via the official WordPress plugin repository (wordpress.org/plugins/pdf-poster) and the vendor's advisory page. As an interim mitigation measure, restrict user registration and limit the creation of low-privilege accounts on affected WordPress installations until patching is completed. Review and audit existing user roles and capabilities within the WordPress admin panel to ensure separation of duties. Consider using WordPress security plugins to add additional access control layers and monitor for suspicious privilege escalation attempts. Database and file backups should be taken before applying patches to ensure rollback capability if issues arise.

Share

CVE-2026-32416 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy