{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25011", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-01-28T09:51:50.023Z", "datePublished": "2026-02-03T14:08:38.782Z", "dateUpdated": "2026-04-28T16:14:53.291Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "wp-custom-admin-interface", "product": "WP Custom Admin Interface", "vendor": "Northern Beaches Websites", "versions": [{"changes": [{"at": "7.42", "status": "unaffected"}], "lessThanOrEqual": "7.41", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Legion Hunter | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:04:58.507Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects WP Custom Admin Interface: from n/a through <= 7.41.</p>"}], "value": "Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through <= 7.41."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:53.291Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/wp-custom-admin-interface/vulnerability/wordpress-wp-custom-admin-interface-plugin-7-41-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress WP Custom Admin Interface plugin <= 7.41 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-03T15:09:14.662127Z", "id": "CVE-2026-25011", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T12:45:40.800Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25011", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-03T15:09:14.662127Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-03T15:08:47.859Z"}}], "cna": {"title": "WordPress WP Custom Admin Interface plugin <= 7.41 - Broken Access Control vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Legion Hunter | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Northern Beaches Websites", "product": "WP Custom Admin Interface", "versions": [{"status": "affected", "changes": [{"at": "7.42", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "7.41"}], "packageName": "wp-custom-admin-interface", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-01T16:04:58.507Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/wp-custom-admin-interface/vulnerability/wordpress-wp-custom-admin-interface-plugin-7-41-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through <= 7.41.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects WP Custom Admin Interface: from n/a through <= 7.41.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:53.291Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25011", "state": "PUBLISHED", "dateUpdated": "2026-04-28T16:14:53.291Z", "dateReserved": "2026-01-28T09:51:50.023Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-02-03T14:08:38.782Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through <= 7.41."}, {"lang": "es", "value": "Vulnerabilidad de Autorizaci\u00f3n faltante en Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a WP Custom Admin Interface: desde n/a hasta &lt;= 7.41."}], "id": "CVE-2026-25011", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-03T15:16:19.323", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/wp-custom-admin-interface/vulnerability/wordpress-wp-custom-admin-interface-plugin-7-41-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-16T01:12:47.223045+00:00", "value": {"mitigation_remediation": ["Upgrade WP Custom Admin Interface to version 7.42 or later to receive the authorization fix", "Restrict access to admin\u2011only pages by reviewing user roles and limiting privileges within WordPress", "Enable additional security layers such as WAF rules or role\u2011based access plugins to prevent accidental or intentional misuse of administrative functions"], "summary": {"action": "Apply Patch", "impact": "Broken Access Control"}, "threat_synthesis": {"affected_systems": "The flaw affects the Northern Beaches Websites WP Custom Admin Interface plugin for all releases up to and including version 7.41. Users running any version in the range n/a through 7.41 are exposed to the risk.", "description_and_impact": "The WP Custom Admin Interface plugin fails to enforce proper authorization checks, allowing users who lack sufficient privileges to reach protected administrative pages. This missing authorization flaw permits unauthorized users to perform actions that should be restricted to administrators, potentially exposing sensitive configuration or data. The vulnerability is a classic example of CWE-862, which describes missing authorization mechanisms.", "risk_and_exploitability": "The CVSS score of 4.3 indicates a moderate severity, and the EPSS score of less than 1% suggests a low probability of widespread exploitation at this time. The vulnerability is not listed in CISA\u2019s KEV catalog. While the attack likely involves interacting with web pages or API endpoints that should be role\u2011restricted, no advanced exploitation or remote code execution is documented. Nonetheless, the potential for unauthorized configuration changes warrants timely remediation."}}}}, "created": "2026-02-04T12:09:32.799171+00:00", "updated": "2026-04-16T01:15:20.536071+00:00", "vendors": ["northern_beaches_websites", "northern_beaches_websites$PRODUCT$wp_custom_admin_interface", "wordpress", "wordpress$PRODUCT$wordpress"]}