Description
Missing Authorization vulnerability in Andy Ha DEPART depart-deposit-and-part-payment-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DEPART: from n/a through <= 1.0.7.
Published: 2026-04-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Escalated Privileges
Action: Immediate Patch
AI Analysis

Impact

The DEPART plugin contains a missing authorization flaw that permits exploitation of incorrectly configured access control security levels. This allows an attacker to gain unauthorized access to administrative functionalities within the WordPress site, effectively escalating privileges and potentially compromising sensitive data or site operations.

Affected Systems

The vulnerability affects the DEPART plugin by Andy Ha, version 1.0.7 and earlier. All installations of DEPART deployable through WordPress are susceptible until the plugin is updated beyond these earlier releases.

Risk and Exploitability

The CVSS score is not supplied, and no EPSS metric is available, but the flaw enables an attacker to bypass normal permission checks. The attack vector is most likely performed remotely over the web, exploiting exposed plugin endpoints. Because the issue has not been marked in the CISA KEV catalog, no publicly-known exploits exist at this time.

Generated by OpenCVE AI on April 8, 2026 at 09:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the DEPART plugin to the latest available version (any release newer than 1.0.7).
  • If an upgrade is not immediately possible, restrict web access to the plugin’s administrative pages using server or WordPress role‑based controls.

Generated by OpenCVE AI on April 8, 2026 at 09:46 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Andy Ha
Andy Ha depart
Wordpress
Wordpress wordpress
Vendors & Products Andy Ha
Andy Ha depart
Wordpress
Wordpress wordpress

Wed, 08 Apr 2026 08:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Andy Ha DEPART depart-deposit-and-part-payment-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DEPART: from n/a through <= 1.0.7.
Title WordPress DEPART plugin <= 1.0.7 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Andy Ha Depart
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-08T08:30:21.650Z

Reserved: 2026-04-07T10:48:44.714Z

Link: CVE-2026-39592

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-08T09:16:29.200

Modified: 2026-04-08T21:26:35.910

Link: CVE-2026-39592

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:42:17Z

Weaknesses