Skip to main content

Broadstreet Ads CVE-2026-45210

| EUVDEUVD-2026-29452 MEDIUM
Missing Authorization (CWE-862)
2026-05-12 Patchstack GHSA-qfh3-p8jm-v9fx
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low

Lifecycle Timeline

2
Analysis Generated
May 12, 2026 - 11:32 vuln.today
CVE Published
May 12, 2026 - 11:02 nvd
MEDIUM 5.4

DescriptionCVE.org

Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broadstreet Ads: from n/a through <= 1.52.2.

AnalysisAI

Missing authorization in Broadstreet Ads WordPress plugin through version 1.52.2 allows authenticated users to bypass access controls and modify data, resulting in integrity and availability impact. The vulnerability stems from incorrectly configured access control security levels that fail to properly validate user permissions before executing sensitive operations. Exploitation requires valid user authentication but no special configuration or interaction.

Technical ContextAI

Broadstreet Ads is a WordPress plugin for managing advertising campaigns and inventory. The vulnerability is classified as CWE-862 (Missing Authorization), indicating that the plugin fails to enforce proper privilege boundaries in its access control implementation. Authenticated users with lower privilege levels can exploit misconfigured security checks to perform actions intended for higher-privileged roles. The vulnerability affects the plugin across all versions through 1.52.2, suggesting the authorization bypass exists in core functionality rather than isolated features.

RemediationAI

Upgrade Broadstreet Ads to the patched version immediately following the vendor's release (version after 1.52.2 once available). Contact the Broadstreet development team or monitor their plugin repository for the security patch. Interim workaround: Restrict plugin access to trusted administrators only by using WordPress user role management; disable or remove the plugin from non-production environments until patching is complete. Note that disabling the plugin will halt advertising functionality, and role restriction may limit intended operational use - verify compatibility with site requirements before implementing. Apply the patch at the earliest convenient maintenance window to minimize service disruption.

Share

CVE-2026-45210 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy