Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Unauthenticated remote request bypasses the plugin's access control with no interaction (PR:N/UI:N/AV:N/AC:L); impact is read-only disclosure of private content, so C:H and I:N/A:N.
Primary rating from Vendor (patchstack).
CVSS VectorVendor: patchstack
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
Unauthenticated Broken Access Control in Intranet & Private Site – All-In-One Intranet <= 1.8.1 versions.
AnalysisAI
Broken access control in the All-In-One Intranet WordPress plugin (versions ≤ 1.8.1) allows unauthenticated remote attackers to bypass the plugin's core 'force login / private site' restriction and read content that is supposed to be visible only to authenticated intranet members. The flaw is a missing authorization check (CWE-862) that undermines the single security feature the plugin exists to provide. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The target site must be running the All-In-One Intranet plugin (≤ 1.8.1) and relying on it to enforce a private/force-login intranet policy - the bug only matters where this plugin is the gatekeeper for otherwise-sensitive content. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals are moderately concerning but not emergency-grade. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who knows or guesses the URL of a WordPress site hardened with All-In-One Intranet sends a direct, unauthenticated HTTP request to content that should require login, and the missing authorization check returns the private page or data instead of redirecting to a login prompt. Because no authentication, user interaction, or special tooling is required (AV:N/AC:L/PR:N/UI:N), the attacker simply enumerates or requests intranet URLs to harvest internal information. … |
| Remediation | Update the All-In-One Intranet plugin to a release later than 1.8.1 as soon as the vendor publishes a fixed version - no exact patched version number is confirmed in the available data, so consult the Patchstack advisory (https://patchstack.com/database/wordpress/plugin/all-in-one-intranet/vulnerability/wordpress-intranet-private-site-all-in-one-intranet-plugin-1-8-1-broken-access-control-vulnerability?_s_id=cve) and the plugin's WordPress.org page for the current version before deploying. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: inventory all WordPress installations using All-In-One Intranet plugin and verify current versions. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39680
GHSA-p896-xrwf-h8qr