Description
Missing Authorization vulnerability in princeahmed Integrate Google Drive integrate-google-drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through <= 1.5.6.
Published: 2026-01-23
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access to Google Drive Integration
Action: Immediate Patch
AI Analysis

Impact

A flaw in the Integrate Google Drive plugin for WordPress permits an attacker to bypass authorization checks and gain access to Google Drive data linked to the site. The vulnerability stems from improperly enforced access control logic, enabling users or potentially unauthenticated actors to request sensitive information. The weakness is a classic Broken Access Control scenario (CWE‑862).

Affected Systems

The affected component is the Integrate Google Drive WordPress plugin, developed by princeahmed. Versions from the earliest release through version 1.5.6, inclusive, are vulnerable. Any WordPress site using these versions could be impacted.

Risk and Exploitability

The CVSS base score of 5.4 indicates moderate risk, while the EPSS score of less than 1% suggests exploitation is unlikely but possible. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack vector is inferred to be through normal usage of the plugin, potentially exploiting misconfigured user roles or permissions within the WordPress ecosystem. There is no evidence of a publicly exploitable remote code execution path, but unauthorized data retrieval is feasible if an attacker can trigger the plugin’s API calls. The risk is therefore concentrated on privileged or compromised users who can manipulate the plugin’s settings.

Generated by OpenCVE AI on April 16, 2026 at 01:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Integrate Google Drive plugin to the latest version greater than 1.5.6 to remove the broken access control logic.
  • Review and tighten role‑based access controls for the plugin, ensuring only authorized users can initiate or view Google Drive operations.
  • If the integration is not required, disable or remove the plugin to eliminate the exposure.

Generated by OpenCVE AI on April 16, 2026 at 01:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}

 cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Prince Integrate Google Drive integrate-google-drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through <= 1.5.5. Missing Authorization vulnerability in princeahmed Integrate Google Drive integrate-google-drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through <= 1.5.6.
Title WordPress Integrate Google Drive plugin <= 1.5.5 - Broken Access Control vulnerability WordPress Integrate Google Drive plugin <= 1.5.6 - Broken Access Control vulnerability

Tue, 27 Jan 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 26 Jan 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Prince
Prince integrate Google Drive
Wordpress
Wordpress wordpress
Vendors & Products Prince
Prince integrate Google Drive
Wordpress
Wordpress wordpress

Fri, 23 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Prince Integrate Google Drive integrate-google-drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through <= 1.5.5.
Title WordPress Integrate Google Drive plugin <= 1.5.5 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Prince Integrate Google Drive
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:48.837Z

Reserved: 2026-01-23T12:31:46.853Z

Link: CVE-2026-24540

cve-icon Vulnrichment

Updated: 2026-01-27T16:56:16.082Z

cve-icon NVD

Status : Deferred

Published: 2026-01-23T15:16:10.203

Modified: 2026-04-28T15:16:11.843

Link: CVE-2026-24540

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T02:00:12Z

Weaknesses