Description
Missing Authorization vulnerability in vowelweb VW Education Lite vw-education-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Education Lite: from n/a through <= 2.2.0.
Published: 2026-03-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access / Data Manipulation
Action: Apply Patch
AI Analysis

Impact

The CVE-2026-32427 vulnerability is a Missing Authorization issue found in the vowelweb VW Education Lite WordPress plugin. The flaw allows an attacker to exploit incorrectly configured access control security levels, enabling them to perform actions reserved for privileged users such as viewing, modifying, or deleting content. This weakness is classified as CWE-862 (Missing Authorization).

Affected Systems

All installations of the VW Education Lite plugin from the earliest available version up through version 2.2.0 are affected. The vulnerability applies to any WordPress site that has the plugin installed and has not been upgraded beyond the 2.2.0 release.

Risk and Exploitability

The CVSS score of 5.3 indicates a Medium severity. The EPSS score is reported as less than 1%, suggesting that the probability of exploitation in the wild is low at this time. The vulnerability is not currently listed in the CISA KEV catalog. Exploitation requires only that the attacker exploit the plugin's missing access controls, which can be performed from the web interface without authentication. Consequently, once a site is running a vulnerable version, an attacker with knowledge of the affected plugin could gain unauthorized data access or manipulation capabilities.

Generated by OpenCVE AI on March 19, 2026 at 15:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade VW Education Lite to a version newer than 2.2.0, or disable the plugin if it is not required.

Generated by OpenCVE AI on March 19, 2026 at 15:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Vowelweb
Vowelweb vw Education Lite
Wordpress
Wordpress wordpress
Vendors & Products Vowelweb
Vowelweb vw Education Lite
Wordpress
Wordpress wordpress

Sun, 15 Mar 2026 04:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 20:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Fri, 13 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in vowelweb VW Education Lite vw-education-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Education Lite: from n/a through <= 2.2.0.
Title WordPress VW Education Lite plugin <= 2.2.0 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Vowelweb Vw Education Lite
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:16:14.921Z

Reserved: 2026-03-12T11:11:26.571Z

Link: CVE-2026-32427

cve-icon Vulnrichment

Updated: 2026-03-13T18:46:23.552Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:55:01.200

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32427

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T12:03:37Z

Weaknesses