Description
Missing Authorization vulnerability in 10up Autoshare for Twitter autoshare-for-twitter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Autoshare for Twitter: from n/a through <= 2.3.1.
Published: 2026-02-19
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized access to restricted plugin functionality
Action: Patch immediately
AI Analysis

Impact

The vulnerability arises from a missing authorization check in the Autoshare for Twitter plugin, allowing an attacker to bypass normal role‑based controls. The flaw is classified as a broken access control weakness (CWE‑862). Without proper authentication enforcement, an attacker could potentially manipulate tweet schedules, edit settings, or perform other privileged actions. This puts the confidentiality and integrity of the site’s social media configuration at risk.

Affected Systems

The weakness affects the 10up Autoshare for Twitter WordPress plugin for all installed versions up to and including 2.3.1. Any site running a vulnerable version of this plugin is susceptible.

Risk and Exploitability

The Common Vulnerability Scoring System assigns a CVSS score of 5.4, indicating moderate severity. The Exploit Prediction Severity Score is below 1 %, showing a low likelihood of exploitation in the wild. The vulnerability is not listed in CISA’s Known Exploited Vulnerabilities catalog. Attackers would need to interact with the WordPress site’s plugin administration interface and likely benefit from a user with limited privileges or an unauthenticated vulnerable endpoint; the exact attack vector is inferred from the description of a missing authorization check.

Generated by OpenCVE AI on April 16, 2026 at 00:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Autoshare for Twitter plugin to the latest version that removes the authorization error (any release newer than 2.3.1).
  • If an immediate upgrade is not possible, disable the plugin or restrict its functionality using a role‑based access control plugin to prevent unauthenticated or low‑privilege users from managing social‑media settings.
  • Audit WordPress user roles to ensure only trusted administrators have the ability to modify plugin settings, and consider revoking unnecessary capabilities for other roles.

Generated by OpenCVE AI on April 16, 2026 at 00:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 20 Feb 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared 10up
10up autoshare For Twitter
Wordpress
Wordpress wordpress
Vendors & Products 10up
10up autoshare For Twitter
Wordpress
Wordpress wordpress

Fri, 20 Feb 2026 01:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 19 Feb 2026 22:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}

Thu, 19 Feb 2026 08:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in 10up Autoshare for Twitter autoshare-for-twitter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Autoshare for Twitter: from n/a through <= 2.3.1.
Title WordPress Autoshare for Twitter plugin <= 2.3.1 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

10up Autoshare For Twitter
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:54.725Z

Reserved: 2026-02-02T12:20:39.016Z

Link: CVE-2026-25311

cve-icon Vulnrichment

Updated: 2026-02-19T21:38:14.306Z

cve-icon NVD

Status : Deferred

Published: 2026-02-19T09:16:15.343

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-25311

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T00:45:15Z

Weaknesses