Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
Missing Authorization vulnerability in Premmerce Premmerce Redirect Manager premmerce-redirect-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce Redirect Manager: from n/a through <= 1.0.12.
AnalysisAI
Improper access control in Premmerce Redirect Manager through version 1.0.12 permits authenticated users to bypass authorization checks and manipulate redirect configurations. An attacker with valid credentials could exploit this vulnerability to modify, view, or delete redirects they should not have access to, potentially affecting website traffic and user experience. A patch is not currently available.
Technical ContextAI
The Premmerce Redirect Manager is a WordPress plugin (CPE: cpe:2.3:a:premmerce:premmerce_redirect_manager:*:*:*:*:*:*:*:*) that handles URL redirections for WooCommerce environments. The vulnerability stems from CWE-862 (Missing Authorization), a class of defects where the application fails to properly enforce access control rules before allowing sensitive operations. Specifically, the plugin does not adequately validate user permissions when processing redirect management requests, allowing attackers to manipulate redirect rules without proper authorization checks. This is a server-side access control failure typical in WordPress plugins where nonce verification or capability checks are missing or improperly implemented.
RemediationAI
Immediately upgrade Premmerce Redirect Manager to a version newer than 1.0.12 once a patched release is available from the vendor; check the Patchstack advisory (https://patchstack.com/database/Wordpress/Plugin/premmerce-redirect-manager/vulnerability/wordpress-premmerce-redirect-manager-plugin-1-0-12-broken-access-control-vulnerability) for patch availability and release notes. As an interim control pending patching, disable or deactivate the plugin if redirect functionality is not critical, restrict administrative access to the WordPress dashboard via IP whitelisting and strong authentication (including multi-factor authentication), and audit existing redirect rules for unauthorized modifications. Additionally, implement Web Application Firewall (WAF) rules to detect and block suspicious redirect management requests and monitor WordPress logs for unauthorized redirect configuration changes.
More in Premmerce Redirect Manager
View allSame weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-15917
GHSA-cr9r-vp8v-4xww