Skip to main content

Super Custom Login EUVDEUVD-2026-20236

| CVE-2026-39605 MEDIUM
Missing Authorization (CWE-862)
2026-04-08 Patchstack GHSA-3gmf-wjhx-fmw7
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Apr 08, 2026 - 08:45 euvd
EUVD-2026-20236
Analysis Generated
Apr 08, 2026 - 08:45 vuln.today
CVE Published
Apr 08, 2026 - 08:30 nvd
MEDIUM 5.3

DescriptionCVE.org

Missing Authorization vulnerability in Obadiah Super Custom Login super-custom-login allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Custom Login: from n/a through <= 1.1.

AnalysisAI

Missing authorization in Obadiah Super Custom Login WordPress plugin versions 1.1 and earlier allows unauthenticated remote attackers to bypass access controls and gain limited information disclosure. The vulnerability stems from incorrectly configured access control security levels that fail to enforce proper authorization checks, enabling attackers to exploit weak authentication mechanisms without requiring valid credentials or user interaction.

Technical ContextAI

The vulnerability is classified as CWE-862 (Missing Authorization), which occurs when access control mechanisms fail to properly restrict resource access based on user privileges. In the context of the Super Custom Login WordPress plugin (CPE: cpe:2.3:a:obadiah:super_custom_login:*:*:*:*:*:*:*:*), the plugin's authentication and login customization functionality lacks sufficient authorization validation. This allows the access control security levels to be exploited, permitting unauthorized users to circumvent intended restrictions. The vulnerability affects the core authentication bypass mechanisms that should validate user permissions before granting access to protected resources or sensitive information.

RemediationAI

Upgrade Obadiah Super Custom Login to a version greater than 1.1 if available from the vendor. Immediate patch availability for specific fixed versions is not confirmed in the provided data; however, users should check the plugin's official WordPress.org repository or the vendor's advisory at https://patchstack.com/database/Wordpress/Plugin/super-custom-login for the latest patched release. As an interim mitigation, consider restricting access to login customization features through web server configuration or temporarily disabling the plugin until an update is available. Additional guidance may be available via the NIST NVD record at https://nvd.nist.gov/vuln/detail/CVE-2026-39605.

Share

EUVD-2026-20236 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy