Description
Missing Authorization vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP EasyPay: from n/a through <= 4.2.11.
Published: 2026-03-16
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized access via broken access control
Action: Patch Now
AI Analysis

Impact

The vulnerability is a missing authorization check in the WP EasyPay plugin for WordPress, allowing an attacker to access or perform actions that should be restricted. It manifests as broken access control, a weakness identified as CWE‑862. This flaw means that users who should not have permission could potentially gain elevated privileges within the plugin environment, compromising the confidentiality or integrity of transactions handled by the plugin.

Affected Systems

The affected system is the WordPress plugin WP EasyPay published by Saad Iqbal, specifically versions up to and including 4.2.11.

Risk and Exploitability

The available metrics indicate an EPSS score of less than 1 % and no listing in the CISA KEV catalog, suggesting a relatively low likelihood of widespread exploitation. However, the attack vector is not explicitly stated; based on the plugin nature, the likely exploitation path is via the WordPress web interface. The lack of a CVSS score means the exact severity is uncertain, but the potential impact of unauthorized actions within the plugin warrants timely remediation.

Generated by OpenCVE AI on April 2, 2026 at 03:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the WP EasyPay plugin to the latest version available.
  • If an upgrade is not immediately possible, temporarily disable the plugin until a patch is applied.

Generated by OpenCVE AI on April 2, 2026 at 03:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Saad Iqbal WP EasyPay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP EasyPay: from n/a through 4.2.11. Missing Authorization vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP EasyPay: from n/a through <= 4.2.11.
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}

Tue, 17 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Saad Iqbal
Saad Iqbal wp Easypay
Wordpress
Wordpress wordpress
Vendors & Products Saad Iqbal
Saad Iqbal wp Easypay
Wordpress
Wordpress wordpress

Mon, 16 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 15:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Saad Iqbal WP EasyPay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP EasyPay: from n/a through 4.2.11.
Title WordPress WP EasyPay plugin <= 4.2.11 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}

Subscriptions

Saad Iqbal Wp Easypay
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T16:00:46.058Z

Reserved: 2026-03-12T11:12:57.709Z

Link: CVE-2026-32587

cve-icon Vulnrichment

Updated: 2026-03-16T15:50:08.152Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-16T16:16:15.740

Modified: 2026-04-01T17:28:39.377

Link: CVE-2026-32587

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-02T08:00:08Z

Weaknesses