{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31916", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-03-10T10:59:45.899Z", "datePublished": "2026-03-13T11:41:53.694Z", "dateUpdated": "2026-04-29T09:51:57.330Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "latest-post-shortcode", "product": "Latest Post Shortcode", "vendor": "Iulia Cazan", "versions": [{"changes": [{"at": "14.2.2", "status": "unaffected"}], "lessThanOrEqual": "14.2.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Doan Dinh Van | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:04:34.813Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Latest Post Shortcode: from n/a through <= 14.2.1.</p>"}], "value": "Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Latest Post Shortcode: from n/a through <= 14.2.1."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-29T09:51:57.330Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/latest-post-shortcode/vulnerability/wordpress-latest-post-shortcode-plugin-14-2-1-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Latest Post Shortcode plugin <= 14.2.1 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-31916", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T18:44:07.685966Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T18:53:29.422Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-31916", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T18:44:07.685966Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T18:44:08.396Z"}}], "cna": {"title": "WordPress Latest Post Shortcode plugin <= 14.2.1 - Broken Access Control vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Doan Dinh Van | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "affected": [{"vendor": "Iulia Cazan", "product": "Latest Post Shortcode", "versions": [{"status": "affected", "changes": [{"at": "14.2.2", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "14.2.1"}], "packageName": "latest-post-shortcode", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-01T15:38:35.594Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/latest-post-shortcode/vulnerability/wordpress-latest-post-shortcode-plugin-14-2-1-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Latest Post Shortcode: from n/a through <= 14.2.1.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Latest Post Shortcode: from n/a through <= 14.2.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-01T13:38:43.993Z"}}}, "cveMetadata": {"cveId": "CVE-2026-31916", "state": "PUBLISHED", "dateUpdated": "2026-04-01T13:38:43.993Z", "dateReserved": "2026-03-10T10:59:45.899Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-13T11:41:53.694Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Latest Post Shortcode: from n/a through <= 14.2.1."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Iulia Cazan Latest Post Shortcode latest-post-shortcode permite la explotaci\u00f3n de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Latest Post Shortcode: desde n/a hasta &lt;= 14.2.1."}], "id": "CVE-2026-31916", "lastModified": "2026-04-29T10:16:56.767", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "audit@patchstack.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-13T19:54:38.613", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/latest-post-shortcode/vulnerability/wordpress-latest-post-shortcode-plugin-14-2-1-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,14.2.1]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[14.2.2,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Latest Post Shortcode", "source": "cna", "vendor": "Iulia Cazan"}, "product": "latest_post_shortcode", "vendor": "iulia_cazan"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-19T16:11:05.373736+00:00", "value": {"mitigation_remediation": ["Update the Latest Post Shortcode plugin to the newest available version.", "If an update is not immediately possible, disable the plugin to prevent exposure of the vulnerable functionality.", "Verify that WordPress role permissions are appropriately configured to limit access to restricted content.", "Monitor the vendor\u2019s website or security advisories for patch releases."], "summary": {"action": "Immediate Patch", "impact": "Unauthorized Access to Content"}, "threat_synthesis": {"affected_systems": "This issue affects the Iulia Cazan Latest Post Shortcode plugin in all releases from the earliest available version through version 14.2.1 inclusive. Any WordPress site that has this plugin installed and enabled in any of those versions is vulnerable.", "description_and_impact": "The vulnerability is a missing authorization flaw, classified as CWE-862, in the WordPress Latest Post Shortcode plugin up to version 14.2.1. It allows an attacker to bypass the plugin\u2019s configured access control settings and view content that should otherwise be restricted, such as drafts or private posts. The flaw does not explicitly provide a way to modify content, so the primary impact is a confidentiality breach.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity. The EPSS score of less than 1% indicates that exploitation is unlikely in the wild, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be web-based; an attacker could reach the vulnerable code via any HTTP request that triggers the shortcode processing, provided appropriate role checks are missing."}}}}, "created": "2026-03-16T09:37:43.739871+00:00", "updated": "2026-03-23T09:59:29.665980+00:00", "vendors": ["iulia_cazan", "iulia_cazan$PRODUCT$latest_post_shortcode", "wordpress", "wordpress$PRODUCT$wordpress"]}