Description
Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Custom Admin Interface: from n/a through <= 7.41.
Published: 2026-02-03
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Broken Access Control
Action: Apply Patch
AI Analysis

Impact

The WP Custom Admin Interface plugin fails to enforce proper authorization checks, allowing users who lack sufficient privileges to reach protected administrative pages. This missing authorization flaw permits unauthorized users to perform actions that should be restricted to administrators, potentially exposing sensitive configuration or data. The vulnerability is a classic example of CWE-862, which describes missing authorization mechanisms.

Affected Systems

The flaw affects the Northern Beaches Websites WP Custom Admin Interface plugin for all releases up to and including version 7.41. Users running any version in the range n/a through 7.41 are exposed to the risk.

Risk and Exploitability

The CVSS score of 4.3 indicates a moderate severity, and the EPSS score of less than 1% suggests a low probability of widespread exploitation at this time. The vulnerability is not listed in CISA’s KEV catalog. While the attack likely involves interacting with web pages or API endpoints that should be role‑restricted, no advanced exploitation or remote code execution is documented. Nonetheless, the potential for unauthorized configuration changes warrants timely remediation.

Generated by OpenCVE AI on April 16, 2026 at 01:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade WP Custom Admin Interface to version 7.42 or later to receive the authorization fix
  • Restrict access to admin‑only pages by reviewing user roles and limiting privileges within WordPress
  • Enable additional security layers such as WAF rules or role‑based access plugins to prevent accidental or intentional misuse of administrative functions


Advisories

No advisories yet.

History

Wed, 04 Feb 2026 12:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Northern Beaches Websites; Northern Beaches Websites wp Custom Admin Interface; Wordpress; Wordpress wordpress |
| Vendors & Products | | Northern Beaches Websites; Northern Beaches Websites wp Custom Admin Interface; Wordpress; Wordpress wordpress |

Tue, 03 Feb 2026 15:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |

Tue, 03 Feb 2026 14:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Custom Admin Interface: from n/a through <= 7.41. |
| Title | | WordPress WP Custom Admin Interface plugin <= 7.41 - Broken Access Control vulnerability |
| Weaknesses | | CWE-862 |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:53.291Z

Reserved: 2026-01-28T09:51:50.023Z

Link: CVE-2026-25011

Vulnrichment

Updated: 2026-02-03T15:08:47.859Z

NVD

Status: Deferred

Published: 2026-02-03T15:16:19.323

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-25011

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T01:15:20Z
