Skip to main content

Wp Food EUVDEUVD-2026-11983

| CVE-2026-32440 MEDIUM
Missing Authorization (CWE-862)
2026-03-13 Patchstack
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
2.7.1
EUVD ID Assigned
Mar 13, 2026 - 16:57 euvd
EUVD-2026-11983
Analysis Generated
Mar 13, 2026 - 16:57 vuln.today
CVE Published
Mar 13, 2026 - 11:42 nvd
MEDIUM 5.3

DescriptionCVE.org

Missing Authorization vulnerability in Ex-Themes WP Food wp-food allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Food: from n/a through < 2.7.1.

AnalysisAI

Inadequate access control in WP Food plugin versions below 2.7.1 allows unauthenticated remote attackers to modify data without proper authorization checks. This vulnerability affects WordPress installations using the vulnerable WP Food plugin and could enable attackers to alter plugin functionality or data integrity. No patch is currently available for this issue.

Technical ContextAI

This vulnerability is rooted in CWE-862 (Missing Authorization), which occurs when the WP Food plugin fails to properly enforce access control checks before allowing sensitive operations. The plugin, which operates within the WordPress ecosystem (CPE identifier would be cpe:2.3:a:ex-themes:wp_food), lacks adequate authorization validation in one or more endpoints or functions, allowing unauthenticated users to perform actions that should be restricted to authenticated administrators or specific user roles. The vulnerability likely affects WordPress REST API endpoints or form handlers that do not verify user capabilities before processing requests, a common misconfiguration in WordPress plugins that extends WordPress's permission model inconsistently.

RemediationAI

Upgrade the WP Food plugin to version 2.7.1 or later immediately through the WordPress admin dashboard or the official plugin repository. This update addresses the authorization bypass by implementing proper access control checks. Until patching is feasible, administrators should enforce role-based access controls through WordPress permission management, restrict API access via Web Application Firewall rules to trusted IP ranges only, implement content integrity monitoring to detect unauthorized modifications, and review audit logs for any suspicious unauthorized requests. If immediate patching is not possible, consider temporarily disabling the plugin until the update can be applied.

Share

EUVD-2026-11983 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy