Description
Missing Authorization vulnerability in crgeary JAMstack Deployments wp-jamstack-deployments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JAMstack Deployments: from n/a through <= 1.1.1.
Published: 2026-02-19
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized access to protected plugin functionality due to missing authorization
Action: Assess Impact
AI Analysis

Impact

The vulnerability in the WordPress JAMstack Deployments plugin arises from missing authorization checks, which allow users to access or modify plugin features that should be restricted. This flaw can enable a non-administrative user to manipulate deployment settings, potentially exposing sensitive data or altering site behavior. The weakness is classified as CWE-862 (Missing Authorization).

Affected Systems

The affected product is the WordPress JAMstack Deployments plugin from the vendor crgeary, version 1.1.1 and earlier. Any WordPress installation running this plugin is susceptible, regardless of other site configurations.

Risk and Exploitability

The CVSS score of 4.3 indicates medium severity, and the EPSS score of less than 1% shows a very low probability of exploitation in the wild. This vulnerability is not listed in the CISA KEV catalog, suggesting no known exploitation. The attack vector is likely through the plugin’s administrative interface, where an authenticated but unauthorized user could exploit the missing access controls. Successful exploitation would compromise confidentiality, integrity, or availability of deployment configurations within the affected WordPress site.

Generated by OpenCVE AI on April 16, 2026 at 00:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the plugin to a version newer than 1.1.1 that addresses the access control flaw
  • If immediate upgrade is not feasible, modify file and directory permissions so that only administrators can modify plugin settings
  • Restrict access to the WordPress admin area using IP whitelisting and monitor logs for unexpected access attempts

Advisories

No advisories yet.

History

Fri, 20 Feb 2026 10:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Crgeary; Crgeary jamstack Deployments; Wordpress; Wordpress wordpress |
| Vendors & Products | | Crgeary; Crgeary jamstack Deployments; Wordpress; Wordpress wordpress |

Fri, 20 Feb 2026 01:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Thu, 19 Feb 2026 20:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'} |


Thu, 19 Feb 2026 08:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Missing Authorization vulnerability in crgeary JAMstack Deployments wp-jamstack-deployments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JAMstack Deployments: from n/a through <= 1.1.1. |
| Title | | WordPress JAMstack Deployments plugin <= 1.1.1 - Broken Access Control vulnerability |
| Weaknesses | | CWE-862 |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:58.299Z

Reserved: 2026-02-02T12:53:19.001Z

Link: CVE-2026-25409

Vulnrichment

Updated: 2026-02-19T18:45:17.209Z

NVD

Status : Deferred

Published: 2026-02-19T09:16:22.610

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-25409

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T00:30:18Z

Weaknesses