Skip to main content

Panda Pods Repeater Field EUVDEUVD-2026-20327

| CVE-2026-39658 MEDIUM
Missing Authorization (CWE-862)
2026-04-08 Patchstack GHSA-jxjc-fjfc-2w5w
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

4
Analysis Generated
Apr 15, 2026 - 12:42 vuln.today
CVSS changed
Apr 13, 2026 - 19:37 NVD
5.3 (MEDIUM)
EUVD ID Assigned
Apr 08, 2026 - 08:45 euvd
EUVD-2026-20327
CVE Published
Apr 08, 2026 - 08:30 nvd
N/A

DescriptionCVE.org

Missing Authorization vulnerability in Coding Panda Panda Pods Repeater Field panda-pods-repeater-field allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Panda Pods Repeater Field: from n/a through <= 1.5.12.

AnalysisAI

Missing authorization in Coding Panda Panda Pods Repeater Field WordPress plugin versions up to 1.5.12 allows unauthenticated remote attackers to modify data via incorrectly configured access control, affecting confidentiality and integrity of plugin-managed content without requiring user interaction or elevated privileges.

Technical ContextAI

Panda Pods Repeater Field is a WordPress plugin that extends the Pods content management framework to provide repeater field functionality for managing structured, repeated data entries. The vulnerability stems from CWE-862 (Missing Authorization), a root cause where the plugin fails to implement proper authorization checks before allowing data modification operations. The affected component likely processes repeater field updates through WordPress REST API endpoints or admin AJAX handlers without validating whether the requesting user has permission to modify the associated pod or field data. The CPE designation (cpe:2.3:a:coding_panda:panda_pods_repeater_field) identifies this as an application-level vulnerability in the plugin itself, not in WordPress core or the underlying Pods framework.

RemediationAI

Update Panda Pods Repeater Field to a version newer than 1.5.12 when available from the plugin author or WordPress.org plugin repository. Administrators should navigate to WordPress Plugins → Installed Plugins, locate Panda Pods Repeater Field, and apply the update. If no patched version is available immediately, restrict plugin access by disabling the plugin until an update is released, or implement WordPress user role restrictions to limit who can create or edit Pods repeater fields. Monitor the Patchstack advisory (https://patchstack.com/database/Wordpress/Plugin/panda-pods-repeater-field/) and NVD entry (https://nvd.nist.gov/vuln/detail/CVE-2026-39658) for patch availability announcements.

Share

EUVD-2026-20327 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy