Description
Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Terms Popup: from n/a through <= 2.10.0.
Published: 2026-03-25
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Apply Patch
AI Analysis

Impact

This vulnerability is a broken access control issue that allows an attacker to exploit incorrectly configured security levels within the WordPress WP Terms Popup plugin. Missing authorization checks enable unauthorized users to access and potentially modify plugin or site data that should be restricted, leading to unauthorized changes or disclosure.

Affected Systems

The affected software is the WP Terms Popup plugin from Link Software LLC. All versions from initial release up to and including 2.10.0 are impacted. Users running WordPress sites with these plugin versions are at risk.

Risk and Exploitability

The CVSS score of 7.5 highlights significant potential impact, while the EPSS score of less than 1% indicates low current exploit prevalence. The vulnerability is not listed in CISA’s KEV catalog. Based on the description, the likely attack vector is the web interface, where unauthenticated or low‑privileged users could access plugin endpoints that lack proper authorization checks. Exploitation would require a user to identify these endpoints and send crafted requests, potentially elevating privileges or modifying site content.

Generated by OpenCVE AI on March 26, 2026 at 20:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the WP Terms Popup plugin to a version newer than 2.10.0.
  • Verify that the plugin’s access control settings are correctly configured after the upgrade.
  • Review other plugins for similar missing authorization checks.
  • Monitor your site logs for unusual activity related to plugin endpoints.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 19:15:00 +0000

Type: Metrics
Values Removed:
Values Added:
  cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}
  ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 26 Mar 2026 12:00:00 +0000

Type: First Time appeared
Values Removed:
Values Added:
  Linksoftwarellc
  Linksoftwarellc wp Terms Popup
  Wordpress
  Wordpress wordpress

Type: Vendors & Products
Values Removed:
Values Added:
  Linksoftwarellc
  Linksoftwarellc wp Terms Popup
  Wordpress
  Wordpress wordpress

Wed, 25 Mar 2026 16:45:00 +0000

Type: Description
Values Removed:
Values Added: Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Terms Popup: from n/a through <= 2.10.0.

Type: Title
Values Removed:
Values Added: WordPress WP Terms Popup plugin <= 2.10.0 - Broken Access Control vulnerability

Type: Weaknesses
Values Removed:
Values Added: CWE-862

Type: References
Values Removed:
Values Added:

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-03-26T18:59:07.424Z

Reserved: 2026-03-12T11:12:00.510Z

Link: CVE-2026-32495

Vulnrichment

Updated: 2026-03-26T18:58:08.281Z

NVD

Status: Deferred

Published: 2026-03-25T17:17:01.247

Modified: 2026-04-24T16:35:20.070

Link: CVE-2026-32495

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:31:06Z

Weaknesses