Description
Missing Authorization vulnerability in WPXPO WowOptin optin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowOptin: from n/a through <= 1.4.32.
Published: 2026-04-08
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Apply Patch
AI Analysis

Impact

This vulnerability is a missing authorization flaw in the WPXPO WowOptin WordPress plugin that allows attackers to access opt‑in settings without proper authorization. The weakness can potentially enable unauthorized viewing or modification of the plugin’s configuration, which could alter site behavior. The flaw is classified under CWE‑862: Missing Authorization.

Affected Systems

The affected product is WPXPO WowOptin. All installed versions up to and including 1.4.32 are affected by this issue.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, while the EPSS score below 1% suggests a low probability of exploitation. This vulnerability is not listed in CISA’s KEV catalog. The description notes that the flaw arises from incorrectly configured access control security levels, but no specific attack vector (such as remote or local) is provided in the CVE data. Consequently, the risk remains moderate with uncertainty about the exact conditions required for exploitation.

Generated by OpenCVE AI on April 8, 2026 at 15:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update WowOptin to a version newer than 1.4.32.
  • Review and configure administrative permissions to ensure proper access control.
  • Disable or uninstall the plugin if it is not essential to site functionality.
  • Monitor the site for unexpected access or configuration changes.

Generated by OpenCVE AI on April 8, 2026 at 15:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

 cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Wed, 08 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Wpxpo
Wpxpo wowoptin
Vendors & Products Wordpress
Wordpress wordpress
Wpxpo
Wpxpo wowoptin

Wed, 08 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 08 Apr 2026 08:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in WPXPO WowOptin optin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowOptin: from n/a through <= 1.4.32.
Title WordPress WowOptin plugin <= 1.4.32 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Wordpress Wordpress
Wpxpo Wowoptin
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-29T09:52:04.440Z

Reserved: 2026-04-07T10:58:16.464Z

Link: CVE-2026-39700

cve-icon Vulnrichment

Updated: 2026-04-08T14:04:05.724Z

cve-icon NVD

Status : Deferred

Published: 2026-04-08T09:16:42.563

Modified: 2026-04-29T10:17:42.190

Link: CVE-2026-39700

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:40:19Z

Weaknesses