Description
Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Integrate Google Drive: from n/a through 1.3.8.
Published: 2026-06-17
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A missing Authorization flaw in the Prince Integrate Google Drive plugin for WordPress allows attackers to bypass the plugin’s security levels, giving them the ability to read or manipulate Google Drive files that should be restricted. This breach of access control is classified as CWE‑862.

Affected Systems

All releases of the Prince Integrate Google Drive plugin up to version 1.3.8 are affected. WordPress sites that have not refreshed the plugin beyond this point remain vulnerable.

Risk and Exploitability

The CVSS score of 8.3 indicates a high severity. EPSS data is not available and the vulnerability is not listed in CISA’s KEV catalog, so current exploitation prevalence is unknown; however, the high score signals that an attacker who can reach the plugin’s interface or API has a significant chance to exploit the broken access control. Based on the description, it is inferred that the plugin’s administrative UI or REST endpoints can be accessed by users lacking proper authorization. The attacker would therefore need the plugin installed on the target site and could potentially gain unauthorized access to the associated Google Drive files.

Generated by OpenCVE AI on June 18, 2026 at 11:57 UTC.

Remediation

Vendor Solution

Update the WordPress Integrate Google Drive plugin to the latest available version (at least 1.3.91).


OpenCVE Recommended Actions

  • Update the WordPress Integrate Google Drive plugin to at least version 1.3.91.
  • Configure WordPress so that only trusted administrative roles have permission to use the plugin, removing or downgrading capabilities for lower‑privilege users.
  • If an immediate update cannot be applied, temporarily disable the plugin for all non‑admin users or shut it down entirely until the fix is applied.

Generated by OpenCVE AI on June 18, 2026 at 11:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 17 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Prince
Prince integrate Google Drive
Wordpress
Wordpress wordpress
Vendors & Products Prince
Prince integrate Google Drive
Wordpress
Wordpress wordpress

Wed, 17 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 17 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.3.8.
Title WordPress Integrate Google Drive plugin <= 1.3.8 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L'}


Subscriptions

Prince Integrate Google Drive
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-17T12:47:27.735Z

Reserved: 2024-04-22T10:41:46.933Z

Link: CVE-2024-32949

cve-icon Vulnrichment

Updated: 2026-06-17T12:47:23.940Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T12:00:16Z

Weaknesses