Skip to main content

Revive So EUVDEUVD-2026-20203

| CVE-2026-39561 MEDIUM
Missing Authorization (CWE-862)
2026-04-08 Patchstack GHSA-g4m4-g557-q87f
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Apr 08, 2026 - 08:45 euvd
EUVD-2026-20203
Analysis Generated
Apr 08, 2026 - 08:45 vuln.today
CVE Published
Apr 08, 2026 - 08:30 nvd
MEDIUM 5.3

DescriptionCVE.org

Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive.so: from n/a through <= 2.0.7.

AnalysisAI

Missing authorization in WP Chill Revive.so plugin versions up to 2.0.7 allows unauthenticated remote attackers to bypass access controls and read sensitive information via incorrectly configured access control security levels. The vulnerability has an EPSS score of 0.02% (4th percentile), indicating minimal real-world exploitation probability despite the moderate CVSS 5.3 score. No public exploit code or active exploitation has been confirmed.

Technical ContextAI

This is a missing authorization vulnerability (CWE-862) in the WordPress plugin Revive.so, affecting all versions from the beginning through 2.0.7. The root cause is improper access control implementation that fails to enforce proper authorization checks before exposing sensitive data or functionality. The vulnerability allows unauthenticated attackers (CVSS PR:N) to exploit misconfigured security levels via network access (AV:N) with low complexity (AC:L). The CPE designation cpe:2.3:a:wp_chill:revive.so:*:*:*:*:*:*:*:* confirms the plugin is developed by WP Chill and affects all variants and versions up to the currently vulnerable release.

RemediationAI

Update the WP Chill Revive.so plugin to version 2.0.8 or later, which contains the fix for the missing authorization vulnerability. This update should be applied immediately through the WordPress plugin management interface or by manual upload. Refer to the Patchstack vulnerability database entry (https://patchstack.com/database/Wordpress/Plugin/revive-so/vulnerability/wordpress-revive-so-plugin-2-0-7-broken-access-control-vulnerability?_s_id=cve) for detailed advisory information and patch confirmation. No workarounds are available for this access control issue, making patching the only effective mitigation.

Share

EUVD-2026-20203 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy