Skip to main content

Contextual Related Posts EUVDEUVD-2026-12812

| CVE-2026-32565 MEDIUM
Missing Authorization (CWE-862)
2026-03-18 Patchstack
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
4.2.2
EUVD ID Assigned
Mar 18, 2026 - 09:45 euvd
EUVD-2026-12812
Analysis Generated
Mar 18, 2026 - 09:45 vuln.today
CVE Published
Mar 18, 2026 - 09:31 nvd
MEDIUM 5.3

DescriptionCVE.org

Missing Authorization vulnerability in WebberZone Contextual Related Posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contextual Related Posts: from n/a before 4.2.2.

AnalysisAI

Contextual Related Posts versions before 4.2.2 contain an authorization bypass vulnerability that allows unauthenticated attackers to access sensitive information by exploiting improperly configured access controls. The vulnerability affects the plugin's ability to enforce proper permission checks, potentially exposing confidential data to unauthorized users. No patch is currently available for this issue.

Technical ContextAI

The vulnerability stems from CWE-862 (Missing Authorization), a root cause classification indicating that access control checks are either absent or improperly implemented at the application logic level. The Contextual Related Posts plugin (CPE: cpe:2.3:a:webberzone:contextual_related_posts:*:*:*:*:*:*:*:*) is a WordPress plugin that manages related post recommendations; the missing authorization flaw allows attackers to bypass intended security levels and access restricted plugin functionality or data without proper authentication or permission verification. The vulnerability does not affect the integrity or availability of the system, only confidentiality, suggesting that unauthorized read access to configuration data, post metadata, or plugin settings is the primary exposure vector.

RemediationAI

Immediately upgrade the Contextual Related Posts plugin to version 4.2.2 or later through the WordPress plugin dashboard (Plugins > Updates) or via direct download from the official WordPress plugin repository. Site administrators should verify the upgrade is applied by checking Settings > Contextual Related Posts and confirming the version number reflects 4.2.2 or higher. Until patching is feasible, implement temporary mitigations such as disabling the plugin entirely, restricting plugin functionality via a Web Application Firewall (WAF) to allow only authenticated API requests, or hardening WordPress file permissions to prevent unauthorized direct access to plugin configuration files. Consult the Patchstack advisory for additional technical details and workaround recommendations.

Share

EUVD-2026-12812 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy