Description
Missing Authorization vulnerability in Mulika Team MIPL WC Multisite Sync mipl-wc-multisite-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MIPL WC Multisite Sync: from n/a through <= 1.4.4.
Published: 2026-04-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: unauthorized access to multisite sync functions
Action: Update
AI Analysis

Impact

A missing authorization check in the Mulika Team MIPL WC Multisite Sync WordPress plugin allows an attacker to exercise functionality that should be limited to privileged users, such as synchronizing data across sites or altering plugin settings. This can lead to unauthorized data manipulation or privilege escalation if other vulnerabilities are present.

Affected Systems

WordPress sites that have the MIPL WC Multisite Sync plugin installed and are running version 1.4.4 or earlier are affected. Any site using these versions is potentially vulnerable.

Risk and Exploitability

The CVSS score is not disclosed and EPSS data is unavailable, indicating no current public exploitation reports. The likely attack vector is via unauthenticated or insufficiently authenticated web requests to the plugin’s administrative endpoints where the access control check is omitted. The vulnerability exploits a missing authorization control, so it requires the attacker to reach the plugin’s endpoints; the complexity and effort are moderate, and the potential impact includes unauthorized data handling and possible escalation in the site’s ecosystem.

Generated by OpenCVE AI on April 8, 2026 at 10:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Contact the plugin developer or consult the vendor’s security advisories to confirm a patch is available.
  • When a patched version is released, upgrade the MIPL WC Multisite Sync plugin to the latest build.
  • If an update cannot be applied immediately, disable the plugin or restrict access to the WordPress admin area for users who do not need bulk sync functionality.
  • Monitor the site for unusual sync activity or configuration changes that could indicate exploitation attempts.

Generated by OpenCVE AI on April 8, 2026 at 10:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Mulika Team
Mulika Team mipl Wc Multisite Sync
Wordpress
Wordpress wordpress
Vendors & Products Mulika Team
Mulika Team mipl Wc Multisite Sync
Wordpress
Wordpress wordpress

Wed, 08 Apr 2026 08:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Mulika Team MIPL WC Multisite Sync mipl-wc-multisite-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MIPL WC Multisite Sync: from n/a through <= 1.4.4.
Title WordPress MIPL WC Multisite Sync plugin <= 1.4.4 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Mulika Team Mipl Wc Multisite Sync
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-08T08:30:47.550Z

Reserved: 2026-04-07T10:58:22.476Z

Link: CVE-2026-39705

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-08T09:16:43.230

Modified: 2026-04-08T21:26:13.410

Link: CVE-2026-39705

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:40:13Z

Weaknesses