Description
Unauthenticated Broken Access Control in Gutenverse Companion <= 2.5.0 versions.
Published: 2026-06-26
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a broken access control flaw that allows an unauthenticated attacker to perform privileged operations within the Gutenverse Companion plugin. The flaw originates from improper permission checks for administrative actions, corresponding to CWE-862. An attacker could alter plugin settings or expose sensitive data without authentication, compromising the integrity and confidentiality of the WordPress site.

Affected Systems

The affected product is the Gutenverse Companion plugin developed by Jegstudio. Versions up to and including 2.5.0 are impacted; newer releases contain the fix.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity, while the EPSS score is currently unavailable. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves an unauthenticated request to the plugin’s administrative endpoints, possibly through crafted HTTP requests or malicious links. Exploitation would require no special prerequisites beyond access to the site’s network.

Generated by OpenCVE AI on June 26, 2026 at 16:49 UTC.

Remediation

Vendor Solution

Update the WordPress Gutenverse Companion Plugin to the latest available version (at least 2.5.1).


OpenCVE Recommended Actions

  • Update the WordPress Gutenverse Companion plugin to version 2.5.1 or newer.
  • If a patch cannot be applied immediately, temporarily deactivate the Gutenverse Companion plugin until an updated version is available.
  • Ensure that WordPress admin interfaces enforce proper authentication and scope for all plugin configuration pages.


Advisories

No advisories yet.

History

Fri, 26 Jun 2026 18:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 26 Jun 2026 15:15:00 +0000

Type | Values Removed | Values Added
Description | | Unauthenticated Broken Access Control in Gutenverse Companion <= 2.5.0 versions.
Title | | WordPress Gutenverse Companion plugin <= 2.5.0 - Broken Access Control vulnerability
Weaknesses | | CWE-862
References | |
Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-26T17:43:57.418Z

Reserved: 2026-06-16T09:21:57.268Z

Link: CVE-2026-54832

Vulnrichment

Updated: 2026-06-26T17:35:21.569Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-26T17:00:04Z