Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
Missing Authorization vulnerability in WebberZone Contextual Related Posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contextual Related Posts: from n/a before 4.2.2.
AnalysisAI
Contextual Related Posts versions before 4.2.2 contain an authorization bypass vulnerability that allows unauthenticated attackers to access sensitive information by exploiting improperly configured access controls. The vulnerability affects the plugin's ability to enforce proper permission checks, potentially exposing confidential data to unauthorized users. No patch is currently available for this issue.
Technical ContextAI
The vulnerability stems from CWE-862 (Missing Authorization), a root cause classification indicating that access control checks are either absent or improperly implemented at the application logic level. The Contextual Related Posts plugin (CPE: cpe:2.3:a:webberzone:contextual_related_posts:*:*:*:*:*:*:*:*) is a WordPress plugin that manages related post recommendations; the missing authorization flaw allows attackers to bypass intended security levels and access restricted plugin functionality or data without proper authentication or permission verification. The vulnerability does not affect the integrity or availability of the system, only confidentiality, suggesting that unauthorized read access to configuration data, post metadata, or plugin settings is the primary exposure vector.
RemediationAI
Immediately upgrade the Contextual Related Posts plugin to version 4.2.2 or later through the WordPress plugin dashboard (Plugins > Updates) or via direct download from the official WordPress plugin repository. Site administrators should verify the upgrade is applied by checking Settings > Contextual Related Posts and confirming the version number reflects 4.2.2 or higher. Until patching is feasible, implement temporary mitigations such as disabling the plugin entirely, restricting plugin functionality via a Web Application Firewall (WAF) to allow only authenticated API requests, or hardening WordPress file permissions to prevent unauthorized direct access to plugin configuration files. Consult the Patchstack advisory for additional technical details and workaround recommendations.
More in Contextual Related Posts
View allThe Contextual Related Posts WordPress plugin before 3.3.1 does not validate and escape some of its block options before
SQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers
Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin before 1.8.7 for WordPress allows
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12812