Description
Missing Authorization vulnerability in Obadiah Super Custom Login super-custom-login allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Super Custom Login: from n/a through <= 1.1.
Published: 2026-04-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a missing authorization flaw in the Super Custom Login WordPress plugin that allows an attacker to exploit incorrectly configured access control security levels. Because the plugin does not enforce proper checks, unauthenticated or insufficiently privileged users could potentially access or modify settings, view sensitive information, or perform administrative actions that should be restricted. The impact is a direct loss of confidentiality, integrity, or availability of the website’s configuration and possibly user data.

Affected Systems

WordPress sites running the Obadiah Super Custom Login plugin version 1.1 or earlier are affected. The vulnerability applies to all releases in this range, regardless of configuration, until the plugin is updated beyond 1.1.

Risk and Exploitability

The available data does not include a CVSS score or EPSS value, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be a web-based exploitation path through the plugin’s login or configuration interfaces, given that access control checks are missing. An attacker would need to have some form of access to the site, possibly an existing user account or the ability to send crafted requests, and would exploit the lack of authorization controls to elevate privileges within the WordPress environment.

Generated by OpenCVE AI on April 8, 2026 at 09:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Super Custom Login plugin to a version newer than 1.1
  • Verify that access control settings are correctly configured after the update
  • If plugin update is not immediately possible, disable or remove the plugin to eliminate the attack surface
  • Restrict administrative access to trusted users and enable two‑factor authentication on WordPress admin pages

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 19:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Obadiah, Obadiah super Custom Login, Wordpress, Wordpress wordpress
Vendors & Products | | Obadiah, Obadiah super Custom Login, Wordpress, Wordpress wordpress

Wed, 08 Apr 2026 08:45:00 +0000

Type | Values Removed | Values Added
Description | | Missing Authorization vulnerability in Obadiah Super Custom Login super-custom-login allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Super Custom Login: from n/a through <= 1.1.
Title | | WordPress Super Custom Login plugin <= 1.1 - Broken Access Control vulnerability
Weaknesses | | CWE-862
References | |

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-08T08:30:22.401Z

Reserved: 2026-04-07T10:48:55.140Z

Link: CVE-2026-39605

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-04-08T09:16:29.757

Modified: 2026-04-08T21:26:35.910

Link: CVE-2026-39605

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T19:42:13Z

Weaknesses