Description
Missing Authorization vulnerability in Premmerce Premmerce Redirect Manager premmerce-redirect-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce Redirect Manager: from n/a through <= 1.0.12.
Published: 2026-03-25
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access / Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

Premmerce Redirect Manager allows an attacker to bypass access control checks, enabling unauthorized use of administrative functions. The missing authorization check can lead to disclosure of sensitive data, unauthorized changes to redirects, or manipulation of site behavior. The core weakness is a broken access control flaw.

Affected Systems

Premmerce Redirect Manager plugin for WordPress, versions up to and including 1.0.12. All installations that have not been updated beyond this version are affected.

Risk and Exploitability

The vulnerability carries a CVSS score of 6.5, indicating moderate severity. An EPSS score below 1% suggests a low probability of exploitation at this time, and the issue is not yet listed in CISA’s Known Exploited Vulnerabilities catalog. The likely attack vector is remote web-based exploitation, where an unauthenticated or low‑privileged user can send crafted requests to exposed plugin endpoints to gain higher privileges. Due to the lack of explicit authentication requirement in the description, it is inferred that no credentials are needed to trigger the privilege escalation, making the attack path relatively simple once the plugin is reachable.

Generated by OpenCVE AI on March 26, 2026 at 15:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Premmerce Redirect Manager to the latest version available, preferably a release newer than 1.0.12 to eliminate the missing authorization check.

Generated by OpenCVE AI on March 26, 2026 at 15:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Premmerce
Premmerce premmerce Redirect Manager
Wordpress
Wordpress wordpress
Vendors & Products Premmerce
Premmerce premmerce Redirect Manager
Wordpress
Wordpress wordpress

Wed, 25 Mar 2026 16:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Premmerce Premmerce Redirect Manager premmerce-redirect-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce Redirect Manager: from n/a through <= 1.0.12.
Title WordPress Premmerce Redirect Manager plugin <= 1.0.12 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Premmerce Premmerce Redirect Manager
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-03-26T13:15:12.437Z

Reserved: 2026-03-12T11:12:34.193Z

Link: CVE-2026-32541

cve-icon Vulnrichment

Updated: 2026-03-26T13:13:52.251Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-25T17:17:07.977

Modified: 2026-03-30T13:27:12.923

Link: CVE-2026-32541

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:30:36Z

Weaknesses