{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32421", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-03-12T11:11:26.570Z", "datePublished": "2026-03-13T11:42:16.295Z", "dateUpdated": "2026-04-29T09:51:59.122Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "post-timeline", "product": "Post Timeline", "vendor": "Agile Logix", "versions": [{"changes": [{"at": "2.4.2", "status": "unaffected"}], "lessThanOrEqual": "2.4.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Alexis Lafontaine | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:06:14.709Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Post Timeline: from n/a through <= 2.4.1.</p>"}], "value": "Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Timeline: from n/a through <= 2.4.1."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-29T09:51:59.122Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/post-timeline/vulnerability/wordpress-post-timeline-plugin-2-4-1-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Post Timeline plugin <= 2.4.1 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-32421", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T18:46:10.765008Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T18:53:32.978Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-32421", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T18:46:10.765008Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T18:46:11.487Z"}}], "cna": {"title": "WordPress Post Timeline plugin <= 2.4.1 - Broken Access Control vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Alexis Lafontaine | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "affected": [{"vendor": "Agile Logix", "product": "Post Timeline", "versions": [{"status": "affected", "changes": [{"at": "2.4.2", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "2.4.1"}], "packageName": "post-timeline", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-01T16:06:14.709Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/post-timeline/vulnerability/wordpress-post-timeline-plugin-2-4-1-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Timeline: from n/a through <= 2.4.1.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Post Timeline: from n/a through <= 2.4.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-01T14:16:13.894Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32421", "state": "PUBLISHED", "dateUpdated": "2026-04-01T14:16:13.894Z", "dateReserved": "2026-03-12T11:11:26.570Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-13T11:42:16.295Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Timeline: from n/a through <= 2.4.1."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Agile Logix Post Timeline post-timeline permite la explotaci\u00f3n de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Post Timeline: desde n/a hasta &lt;= 2.4.1."}], "id": "CVE-2026-32421", "lastModified": "2026-04-29T10:17:08.317", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "audit@patchstack.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-13T19:54:59.883", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/post-timeline/vulnerability/wordpress-post-timeline-plugin-2-4-1-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.4.1]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[2.4.2,*]"}}], "enrichment": {"confidence": 98.0, "confidence_source": "matching", "scores": [{"score": 98.0, "source": "matching"}]}, "original": {"product": "Post Timeline", "source": "cna", "vendor": "Agile Logix"}, "product": "post_timeline", "vendor": "agilelogix"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-19T15:18:46.482499+00:00", "value": {"mitigation_remediation": ["Upgrade Post Timeline to a version newer than 2.4.1 if an update is available", "If an upgrade is not possible, disable the Post Timeline plugin until a patch is released", "Check the vendor\u2019s website or the WP plugin repository regularly for security updates or vendor advisories"], "summary": {"action": "Patch", "impact": "Unauthorized data disclosure or modification due to broken access control"}, "threat_synthesis": {"affected_systems": "The affected product is the Agile Logix \u201cPost Timeline\u201d WordPress plugin. All releases from the earliest noted versions up through 2.4.1 are impacted; any installation using a version equal to or older than 2.4.1 is vulnerable.", "description_and_impact": "A missing authorization check in the Agile Logix Post Timeline plugin allows attackers to bypass configured access control levels. The vulnerability makes it possible to access or alter post\u2011timeline data that should be restricted, potentially exposing sensitive content or changing site state without proper privileges. The weakness corresponds to CWE\u2011862, indicating a direct flaw in access control enforcement.", "risk_and_exploitability": "The CVSS score is 5.3, indicating a moderate severity. The EPSS score is less than 1\u202f%, suggesting a low likelihood of exploitation at present, and the vulnerability is not listed in the CISA KEV catalog. Based on the description it is inferred that the attack vector requires in\u2011application access; an attacker with the ability to send crafted requests to the plugin endpoints could potentially exploit the missing access control to read or modify posts. Precise exploitation prerequisites are not detailed in the data."}}}}, "created": "2026-03-16T09:33:51.153574+00:00", "updated": "2026-03-23T12:03:43.033143+00:00", "vendors": ["agilelogix", "agilelogix$PRODUCT$post_timeline", "wordpress", "wordpress$PRODUCT$wordpress"]}