Description
Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broadstreet Ads: from n/a through <= 1.52.2.
Published: 2026-05-12
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Broadstreet Ads plugin for WordPress suffers from a missing authorization control that allows users to exploit incorrectly configured security levels. An attacker who gains access to the plugin’s administrative interface can potentially read, modify, or delete advertising data or alter plugin settings. The weakness is classified as CWE‑862 and is a medium‑severity vulnerability with a CVSS score of 5.4. The exact exploitation vector is not specified, but it is likely tied to the plugin’s configuration and user privileges within WordPress.

Affected Systems

This flaw affects the Broadstreet Ads WordPress plugin versions 1.52.2 and earlier. The vulnerable code resides in the Broadstreet Ads component of WordPress installations that have not upgraded beyond this version. No other vendors or products are listed.

Risk and Exploitability

With a CVSS score of 5.4, the vulnerability presents a moderate risk. Exploitation requires the attacker to interact with the WordPress site and potentially to have a user account with sufficient privileges to reach the plugin’s configuration pages. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, indicating no confirmed widespread exploitation yet. Nevertheless, the missing authorization layer could allow unauthorized users to tamper with advertising data or settings if they are able to log into the WordPress dashboard or inject requests that bypass normal permission checks.

Generated by OpenCVE AI on May 12, 2026 at 12:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Broadstreet Ads plugin to the latest version (1.52.3 or newer) to receive the vendor’s fix for the authorization control flaw.
  • If an upgrade is not immediately possible, restrict the plugin’s access by limiting the WordPress user roles that can install or configure it, or by using site‑wide role restrictions to ensure only administrators can modify advertising settings.
  • Audit existing WordPress installations to ensure that users with roles other than administrators cannot access or modify the Broadstreet Ads plugin’s configuration or data.

Generated by OpenCVE AI on May 12, 2026 at 12:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 12:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 12 May 2026 11:15:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broadstreet Ads: from n/a through <= 1.52.2.
Title WordPress Broadstreet Ads plugin <= 1.52.2 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-12T12:04:47.372Z

Reserved: 2026-05-11T14:11:52.756Z

Link: CVE-2026-45210

cve-icon Vulnrichment

Updated: 2026-05-12T12:04:28.163Z

cve-icon NVD

Status : Deferred

Published: 2026-05-12T11:16:20.357

Modified: 2026-05-12T14:03:52.757

Link: CVE-2026-45210

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T12:30:15Z

Weaknesses