Skip to main content

Spectra EUVDEUVD-2026-26218

| CVE-2026-42648 MEDIUM
Missing Authorization (CWE-862)
2026-04-29 Patchstack
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

2
EUVD ID Assigned
Apr 29, 2026 - 11:30 euvd
EUVD-2026-26218
CVE Published
Apr 29, 2026 - 10:40 nvd
MEDIUM 4.3

DescriptionCVE.org

Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through <= 2.19.22.

Analysis

Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through <= 2.19.22.

CVE-2020-25966 HIGH POC
7.5 Oct 28

Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured as

CVE-2023-6486 MEDIUM POC
6.4 Apr 09

The Spectra - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custo

CVE-2020-36702 MEDIUM POC
5.5 Jun 07

The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to,

CVE-2024-37517 HIGH
8.8 Nov 01

Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control

CVE-2023-36679 HIGH
7.1 Mar 28

Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Spectra.6.6. Rated high severity (CVSS 7.1), this v

CVE-2023-49833 MEDIUM
6.5 Dec 14

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force S

CVE-2024-1815 MEDIUM
6.4 May 23

The Spectra - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugi

CVE-2024-1814 MEDIUM
6.4 May 23

The Spectra - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugi

CVE-2024-4366 MEDIUM
6.4 May 24

The Spectra - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bloc

CVE-2024-10484 MEDIUM
5.4 Dec 03

The Spectra - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugi

CVE-2024-3827 MEDIUM
5.4 Aug 02

The Spectra Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block ids in all versions up to, a

CVE-2024-3107 MEDIUM
4.3 May 02

The Spectra - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Path Traversal in versions up to, and inc

Share

EUVD-2026-26218 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy