Skip to main content

Premmerce Redirect Manager CVE-2026-32541

| EUVDEUVD-2026-15917 MEDIUM
Missing Authorization (CWE-862)
2026-03-25 Patchstack GHSA-cr9r-vp8v-4xww
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 25, 2026 - 16:47 euvd
EUVD-2026-15917
Analysis Generated
Mar 25, 2026 - 16:47 vuln.today
CVE Published
Mar 25, 2026 - 16:15 nvd
MEDIUM 6.5

DescriptionCVE.org

Missing Authorization vulnerability in Premmerce Premmerce Redirect Manager premmerce-redirect-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce Redirect Manager: from n/a through <= 1.0.12.

AnalysisAI

Improper access control in Premmerce Redirect Manager through version 1.0.12 permits authenticated users to bypass authorization checks and manipulate redirect configurations. An attacker with valid credentials could exploit this vulnerability to modify, view, or delete redirects they should not have access to, potentially affecting website traffic and user experience. A patch is not currently available.

Technical ContextAI

The Premmerce Redirect Manager is a WordPress plugin (CPE: cpe:2.3:a:premmerce:premmerce_redirect_manager:*:*:*:*:*:*:*:*) that handles URL redirections for WooCommerce environments. The vulnerability stems from CWE-862 (Missing Authorization), a class of defects where the application fails to properly enforce access control rules before allowing sensitive operations. Specifically, the plugin does not adequately validate user permissions when processing redirect management requests, allowing attackers to manipulate redirect rules without proper authorization checks. This is a server-side access control failure typical in WordPress plugins where nonce verification or capability checks are missing or improperly implemented.

RemediationAI

Immediately upgrade Premmerce Redirect Manager to a version newer than 1.0.12 once a patched release is available from the vendor; check the Patchstack advisory (https://patchstack.com/database/Wordpress/Plugin/premmerce-redirect-manager/vulnerability/wordpress-premmerce-redirect-manager-plugin-1-0-12-broken-access-control-vulnerability) for patch availability and release notes. As an interim control pending patching, disable or deactivate the plugin if redirect functionality is not critical, restrict administrative access to the WordPress dashboard via IP whitelisting and strong authentication (including multi-factor authentication), and audit existing redirect rules for unauthorized modifications. Additionally, implement Web Application Firewall (WAF) rules to detect and block suspicious redirect management requests and monitor WordPress logs for unauthorized redirect configuration changes.

Share

CVE-2026-32541 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy