Ultimate Post Kit
Monthly
A missing authorization vulnerability exists in bdthemes Ultimate Post Kit WordPress plugin through version 4.0.21, where incorrectly configured access control allows attackers to bypass authentication mechanisms and exploit broken access control security levels. An attacker can leverage this vulnerability to perform unauthorized actions that should be restricted to authenticated or privileged users. While no CVSS score, EPSS data, or confirmed KEV status is currently available, the vulnerability is classified under CWE-862 (Missing Authorization) and has been documented by Patchstack, indicating active research and potential exploitation concern.
A missing authorization vulnerability exists in bdthemes Ultimate Post Kit WordPress plugin through version 4.0.21, where incorrectly configured access control allows attackers to bypass authentication mechanisms and exploit broken access control security levels. An attacker can leverage this vulnerability to perform unauthorized actions that should be restricted to authenticated or privileged users. While no CVSS score, EPSS data, or confirmed KEV status is currently available, the vulnerability is classified under CWE-862 (Missing Authorization) and has been documented by Patchstack, indicating active research and potential exploitation concern.