{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32416", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-03-12T11:11:19.857Z", "datePublished": "2026-03-13T11:42:15.425Z", "dateUpdated": "2026-04-29T09:51:59.108Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "pdf-poster", "product": "PDF Poster", "vendor": "bPlugins", "versions": [{"changes": [{"at": "2.4.1", "status": "unaffected"}], "lessThanOrEqual": "2.4.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Nabil Irawan | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:06:17.032Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects PDF Poster: from n/a through <= 2.4.0.</p>"}], "value": "Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF Poster: from n/a through <= 2.4.0."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-29T09:51:59.108Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/pdf-poster/vulnerability/wordpress-pdf-poster-plugin-2-4-0-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress PDF Poster plugin <= 2.4.0 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-13T18:18:52.373098Z", "id": "CVE-2026-32416", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T18:19:12.356Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-32416", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T18:18:52.373098Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T18:18:12.436Z"}}], "cna": {"title": "WordPress PDF Poster plugin <= 2.4.0 - Broken Access Control vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Nabil Irawan | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "affected": [{"vendor": "bPlugins", "product": "PDF Poster", "versions": [{"status": "affected", "changes": [{"at": "2.4.1", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "<= 2.4.0"}], "packageName": "pdf-poster", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-03-13T12:41:19.310Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/pdf-poster/vulnerability/wordpress-pdf-poster-plugin-2-4-0-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF Poster: from n/a through <= 2.4.0.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects PDF Poster: from n/a through <= 2.4.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-13T11:42:15.425Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32416", "state": "PUBLISHED", "dateUpdated": "2026-03-13T18:19:12.356Z", "dateReserved": "2026-03-12T11:11:19.857Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-13T11:42:15.425Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF Poster: from n/a through <= 2.4.0."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en bPlugins PDF Poster pdf-poster permite la explotaci\u00f3n de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a PDF Poster: desde n/a hasta &lt;= 2.4.0."}], "id": "CVE-2026-32416", "lastModified": "2026-04-22T21:30:26.497", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-13T19:54:58.923", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/pdf-poster/vulnerability/wordpress-pdf-poster-plugin-2-4-0-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.4.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[2.4.1,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "PDF Poster", "source": "cna", "vendor": "bPlugins"}, "product": "pdf_poster", "vendor": "bplugins"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-19T15:20:28.451842+00:00", "value": {"mitigation_remediation": ["Update the PDF Poster plugin to a version newer than 2.4.0 to eliminate the missing authorization flaw.", "If an immediate update is not feasible, remove or deactivate the PDF Poster plugin from the WordPress installation to prevent unauthorized access.", "Monitor user activity and audit logs for signs of unauthorized use of the plugin\u2019s features.", "Check the vendor\u2019s website or plugin repository for further advisories or new patches and apply them promptly."], "summary": {"action": "Patch Update", "impact": "Unauthorized Access / Data Exposure"}, "threat_synthesis": {"affected_systems": "The issue affects the PDF Poster plugin from all versions indicated as \"n/a\" through version 2.4.0. The vulnerability is reported against the bPlugins:PDF Poster product.", "description_and_impact": "This vulnerability is a Missing Authorization flaw (CWE-862) in the bPlugins PDF Poster WordPress plugin. It allows an attacker to exploit incorrectly configured access control security levels, enabling unauthorized use of plugin functionality. The result could be unauthorized access to protected data or actions within the site, affecting confidentiality and potentially the integrity of the application. The CVSS score of 5.4 indicates a moderate severity risk from a security standpoint.", "risk_and_exploitability": "The CVSS score is 5.4 and the EPSS score is below 1%, indicating a low probability of existing exploitation in the wild; however, it is still listed in the advisory database rather than the CISA KEV catalog. Attackers would likely need to send crafted HTTP requests to the plugin\u2019s endpoints that expose administrative or privileged actions, bypassing normal authentication checks. The vulnerability can be exploited by users without proper permissions or with minimal user credentials."}}}}, "created": "2026-03-16T09:33:56.158832+00:00", "updated": "2026-03-23T12:03:47.477971+00:00", "vendors": ["bplugins", "bplugins$PRODUCT$pdf_poster", "wordpress", "wordpress$PRODUCT$wordpress"]}