Description
Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through <= 2.4.0.
Published: 2026-03-13
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access / Data Exposure
Action: Patch Update
AI Analysis

Impact

This vulnerability is a Missing Authorization flaw (CWE-862) in the bPlugins PDF Poster WordPress plugin. It allows an attacker to exploit incorrectly configured access control security levels, enabling unauthorized use of plugin functionality. The result could be unauthorized access to protected data or actions within the site, affecting confidentiality and potentially the integrity of the application. The CVSS score of 5.4 places it in the Medium severity band.

Affected Systems

The issue affects the PDF Poster plugin in all versions up to and including 2.4.0; the advisory gives the lower bound of the affected range as "n/a". The vulnerability is reported against the bPlugins:PDF Poster product.

Risk and Exploitability

The CVSS score is 5.4 and the EPSS score is below 1%, indicating a low probability of exploitation; the CVE is not listed in the CISA KEV catalog. Attackers would likely need to send crafted HTTP requests to plugin endpoints that expose administrative or privileged actions without the expected authorization checks. The vulnerability can be exploited by users without proper permissions or with minimal user credentials, which is consistent with the PR:L (low privileges required) value in the published CVSS vector.

Generated by OpenCVE AI on March 19, 2026 at 15:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the PDF Poster plugin to a version newer than 2.4.0 to eliminate the missing authorization flaw.
  • If an immediate update is not feasible, remove or deactivate the PDF Poster plugin from the WordPress installation to prevent unauthorized access.
  • Monitor user activity and audit logs for signs of unauthorized use of the plugin’s features.
  • Check the vendor’s website or plugin repository for further advisories or new patches and apply them promptly.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Bplugins; Bplugins pdf Poster; Wordpress; Wordpress wordpress
Vendors & Products | | Bplugins; Bplugins pdf Poster; Wordpress; Wordpress wordpress

Fri, 13 Mar 2026 19:15:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1: {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 12:00:00 +0000

Type | Values Removed | Values Added
Description | | Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through <= 2.4.0.
Title | | WordPress PDF Poster plugin <= 2.4.0 - Broken Access Control vulnerability
Weaknesses | | CWE-862
References | |

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:16:13.051Z

Reserved: 2026-03-12T11:11:19.857Z

Link: CVE-2026-32416

Vulnrichment

Updated: 2026-03-13T18:18:12.436Z

NVD

Status: Awaiting Analysis

Published: 2026-03-13T19:54:58.923

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32416

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T12:03:47Z

Weaknesses