Skip to main content

Universal Clocks

1 CVEs product

Monthly

CVE-2026-57782 MEDIUM This Month

Universal Clocks WordPress plugin (≤1.2.0) by PressTigers exposes unauthorized action endpoints due to missing authorization checks, enabling unauthenticated remote attackers to perform integrity-impacting operations without valid credentials. Reported by Patchstack under CWE-862, the flaw stems from incorrectly configured access control security levels that fail to validate caller permissions before executing plugin functionality. No public exploit code or active exploitation (CISA KEV listing) has been identified at time of analysis.

Authentication Bypass Universal Clocks
NVD
CVSS 3.1
5.3
EPSS
0.3%
EPSS 0% CVSS 5.3
MEDIUM This Month

Universal Clocks WordPress plugin (≤1.2.0) by PressTigers exposes unauthorized action endpoints due to missing authorization checks, enabling unauthenticated remote attackers to perform integrity-impacting operations without valid credentials. Reported by Patchstack under CWE-862, the flaw stems from incorrectly configured access control security levels that fail to validate caller permissions before executing plugin functionality. No public exploit code or active exploitation (CISA KEV listing) has been identified at time of analysis.

Authentication Bypass Universal Clocks
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy