Description
Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Latest Post Shortcode: from n/a through <= 14.2.1.
Published: 2026-03-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access to Content
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a missing authorization flaw, classified as CWE-862, in the WordPress Latest Post Shortcode plugin up to version 14.2.1. It allows an attacker to bypass the plugin’s configured access control settings and view content that should otherwise be restricted, such as drafts or private posts. The flaw does not explicitly provide a way to modify content, so the primary impact is a confidentiality breach.

Affected Systems

This issue affects the Iulia Cazan Latest Post Shortcode plugin in all releases from the earliest available version through version 14.2.1 inclusive. Any WordPress site that has this plugin installed and enabled in any of those versions is vulnerable.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. The EPSS score of less than 1% indicates that exploitation is unlikely in the wild, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be web-based; an attacker could reach the vulnerable code via any HTTP request that triggers the shortcode processing, provided appropriate role checks are missing.

Generated by OpenCVE AI on March 19, 2026 at 16:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Latest Post Shortcode plugin to the newest available version.
  • If an update is not immediately possible, disable the plugin to prevent exposure of the vulnerable functionality.
  • Verify that WordPress role permissions are appropriately configured to limit access to restricted content.
  • Monitor the vendor’s website or security advisories for patch releases.

Generated by OpenCVE AI on March 19, 2026 at 16:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Iulia Cazan
Iulia Cazan latest Post Shortcode
Wordpress
Wordpress wordpress
Vendors & Products Iulia Cazan
Iulia Cazan latest Post Shortcode
Wordpress
Wordpress wordpress

Fri, 13 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Latest Post Shortcode: from n/a through <= 14.2.1.
Title WordPress Latest Post Shortcode plugin <= 14.2.1 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Iulia Cazan Latest Post Shortcode
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:15:51.000Z

Reserved: 2026-03-10T10:59:45.899Z

Link: CVE-2026-31916

cve-icon Vulnrichment

Updated: 2026-03-13T18:44:08.396Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:54:38.613

Modified: 2026-03-16T14:54:11.293

Link: CVE-2026-31916

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T09:59:29Z

Weaknesses