Skip to main content

Petitioner EUVDEUVD-2026-15872

| CVE-2026-32514 MEDIUM
Missing Authorization (CWE-862)
2026-03-25 Patchstack
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 25, 2026 - 16:47 euvd
EUVD-2026-15872
Analysis Generated
Mar 25, 2026 - 16:47 vuln.today
CVE Published
Mar 25, 2026 - 16:15 nvd
MEDIUM 6.5

DescriptionCVE.org

Missing Authorization vulnerability in Anton Voytenko Petitioner petitioner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Petitioner: from n/a through <= 0.7.3.

AnalysisAI

Petitioner version 0.7.3 and earlier contains a missing authorization check that allows authenticated users to modify data or settings they should not have access to due to incorrectly configured access control levels. An attacker with valid credentials can exploit this to perform unauthorized actions without requiring user interaction. A patch is not currently available for this vulnerability.

Technical ContextAI

The vulnerability is classified as CWE-862 (Missing Authorization), a fundamental access control weakness where the application fails to properly enforce authorization checks before granting access to protected functions or data. This affects the Anton Voytenko Petitioner plugin (cpe:2.3:a:anton_voytenko:petitioner:*:*:*:*:*:*:*:*), which appears to be a WordPress plugin based on the Patchstack database reference. The root cause involves incorrectly configured access control security levels that permit privilege escalation or unauthorized resource access without proper role-based or capability-based verification. The absence of adequate authorization validation at critical entry points or endpoints allows attackers to circumvent intended security restrictions.

RemediationAI

Upgrade the Petitioner plugin to a version newer than 0.7.3 as soon as a patched release becomes available; monitor the Patchstack database and Anton Voytenko's official repository for security updates. Until a patch is released, disable the Petitioner plugin or restrict access to it via WordPress user role management, limiting activation to trusted administrators only. Additionally, implement WordPress security hardening by enforcing strong authentication mechanisms (two-factor authentication), restricting plugin installation capabilities, and monitoring for unauthorized capability escalation through access logs. Organizations should also review any custom capability configurations within the Petitioner plugin to ensure proper role-based access control is enforced at all critical functions.

Share

EUVD-2026-15872 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy