Skip to main content

Lawyer Landing Page EUVDEUVD-2026-12027

| CVE-2026-32487 MEDIUM
Missing Authorization (CWE-862)
2026-03-13 Patchstack
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 13, 2026 - 16:57 euvd
EUVD-2026-12027
Analysis Generated
Mar 13, 2026 - 16:57 vuln.today
CVE Published
Mar 13, 2026 - 11:42 nvd
MEDIUM 5.3

DescriptionCVE.org

Missing Authorization vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Landing Page: from n/a through <= 1.2.7.

AnalysisAI

The Lawyer Landing Page plugin through version 1.2.7 contains an authorization bypass vulnerability that allows unauthenticated attackers to modify data due to improper access control configuration. This network-accessible vulnerability could enable attackers to alter content or settings without proper authentication credentials. A patch is not currently available for affected installations.

Technical ContextAI

This vulnerability is rooted in CWE-862 (Missing Authorization), a class of security weakness where access control checks are either absent or improperly implemented. The raratheme Lawyer Landing Page plugin, identified via WordPress plugin ecosystem taxonomy, fails to validate user permissions before executing critical operations—likely in administrative or form-processing functions. The vulnerability affects the plugin from an unspecified baseline through version 1.2.7, suggesting the issue existed from early development or introduction and persisted through multiple minor releases. The plugin likely runs within WordPress's REST API, admin-ajax, or direct POST/GET handlers where authorization checks should validate user capabilities (such as wp_verify_nonce and current_user_can()) but do not.

RemediationAI

Immediately upgrade the raratheme Lawyer Landing Page plugin to the latest available version (expected to be 1.2.8 or later once patched by the vendor). Until a patch is available or applied, implement the following mitigations: restrict administrative access to the WordPress dashboard using IP whitelisting or a Web Application Firewall (WAF) rule set to block unauthenticated requests to affected plugin endpoints; audit database logs for unauthorized data modifications; implement WordPress security hardening best practices including strong authentication, two-factor authentication for admin accounts, and nonce verification in form submissions. If the vendor has not released a patch, consider disabling the plugin entirely until a security update is confirmed. Check the raratheme website or WordPress plugin repository for security advisories and patch notes.

Share

EUVD-2026-12027 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy