Skip to main content

Publishpress Authors EUVDEUVD-2026-15639

| CVE-2026-25309 HIGH
Missing Authorization (CWE-862)
2026-03-25 Patchstack GHSA-mxc9-2x8m-2m26
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Re-analysis Queued
Apr 24, 2026 - 16:37 vuln.today
cvss_changed
EUVD ID Assigned
Mar 25, 2026 - 16:47 euvd
EUVD-2026-15639
Analysis Generated
Mar 25, 2026 - 16:47 vuln.today
CVE Published
Mar 25, 2026 - 16:14 nvd
HIGH 7.5

DescriptionCVE.org

Missing Authorization vulnerability in PublishPress PublishPress Authors publishpress-authors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Authors: from n/a through <= 4.10.1.

AnalysisAI

A missing authorization vulnerability in PublishPress Authors plugin versions up to 4.10.1 allows attackers to exploit incorrectly configured access control security levels, potentially bypassing authentication mechanisms. This vulnerability affects WordPress installations using the PublishPress Authors plugin and could enable unauthorized users to perform actions they should not be permitted to execute. The vulnerability is classified as an authentication bypass issue with CWE-862 (Missing Authorization), though specific CVSS scoring and exploitation data are not yet published.

Technical ContextAI

The vulnerability exists in the PublishPress Authors plugin for WordPress, identified via CPE cpe:2.3:a:publishpress:publishpress_authors:*:*:*:*:*:*:*:*. The root cause is classified under CWE-862 (Improper Access Control), which indicates that the plugin fails to properly validate user permissions before granting access to sensitive functionality or resources. PublishPress Authors is a WordPress plugin that manages authorship and author metadata; the broken access control suggests that the plugin's authorization checks for displaying, modifying, or managing author information are not properly enforced, potentially allowing users to access or modify author data beyond their intended permission scope.

RemediationAI

Update PublishPress Authors to a version newer than 4.10.1 as soon as a patched version is released by PublishPress. Check the official PublishPress website and WordPress plugin repository for available updates. Until a patch is available, implement the following compensating controls: restrict plugin functionality using WordPress role and capability management to limit which users can access author management features, disable the PublishPress Authors plugin if it is not actively required, and audit user access logs to detect any suspicious authorization bypass attempts. Consider using a Web Application Firewall (WAF) to monitor and block requests that attempt to exploit authorization bypass patterns if the plugin must remain active.

Share

EUVD-2026-15639 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy