Description
Missing Authorization vulnerability in WP Media Adminimize allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Adminimize: from n/a through 1.11.11.
Published: 2026-05-27
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Missing Authorization vulnerability in the WP Media Adminimize plugin allows an attacker to exploit incorrectly configured access control security levels. The flaw lets an unauthorized user manipulate or bypass the plugin’s configuration settings, potentially granting elevated privileges or altering administrative behavior. This weakness is identified as CWE-862, which concerns missing authorization checks.

Affected Systems

The vulnerability affects the Adminimize plugin provided by WP Media, in all installed versions from n/a up through 1.11.11. Users running any of these legacy releases are susceptible to the issue.

Risk and Exploitability

The CVSS score of 4.3 indicates a medium severity risk. Because the EPSS score is not provided and the vulnerability is not listed in CISA’s KEV catalog, the likelihood of widespread exploitation appears limited, though the attack vector is likely local or requires at least a logged‑in user to interact with the plugin’s configuration pages. The risk level mainly depends on the presence of privileged users on the site who could use the vulnerability to gain unauthorized configuration access.

Generated by OpenCVE AI on May 27, 2026 at 19:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Adminimize plugin to a version newer than 1.11.11 to obtain the vendor‑provided fix.
  • If an immediate update is not possible, disable the plugin or delete it from the WordPress installation to eliminate the attack surface.
  • Review and tighten role‑based access controls for the remaining WordPress installation to ensure no other plugins expose similar authorization gaps.

Generated by OpenCVE AI on May 27, 2026 at 19:43 UTC.

Advisories

No advisories yet.

History

Fri, 29 May 2026 16:00:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Wordpress; Wordpress wordpress; Wp Media; Wp Media adminimize

Type: Vendors & Products
Values Removed: (none)
Values Added: Wordpress; Wordpress wordpress; Wp Media; Wp Media adminimize

Wed, 27 May 2026 16:30:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 27 May 2026 15:15:00 +0000

Type: Description
Values Removed: (none)
Values Added: Missing Authorization vulnerability in WP Media Adminimize allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Adminimize: from n/a through 1.11.11.

Type: Title
Values Removed: (none)
Values Added: WordPress Adminimize plugin <= 1.11.11 - Broken Access Control vulnerability

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-862

Type: References
Values Added:

Type: Metrics
Values Removed: (none)
Values Added: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-27T15:31:54.298Z

Reserved: 2026-05-27T08:41:55.487Z

Link: CVE-2026-49045

Vulnrichment

Updated: 2026-05-27T15:31:42.348Z

NVD

Status: Deferred

Published: 2026-05-27T15:16:32.950

Modified: 2026-06-17T10:55:27.560

Link: CVE-2026-49045

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-29T15:50:40Z

Weaknesses