{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32562", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-03-12T11:12:48.311Z", "datePublished": "2026-03-25T16:15:12.284Z", "dateUpdated": "2026-04-29T09:52:01.624Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "password-protect-page", "product": "PPWP", "vendor": "WP Folio Team", "versions": [{"changes": [{"at": "1.9.16", "status": "unaffected"}], "lessThanOrEqual": "<= 1.9.15", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Doan Dinh Van | Patchstack Bug Bounty Program"}], "datePublic": "2026-03-25T17:12:43.686Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in WP Folio Team PPWP password-protect-page allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects PPWP: from n/a through <= 1.9.15.</p>"}], "value": "Missing Authorization vulnerability in WP Folio Team PPWP password-protect-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PPWP: from n/a through <= 1.9.15."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-29T09:52:01.624Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/password-protect-page/vulnerability/wordpress-ppwp-plugin-1-9-15-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress PPWP plugin <= 1.9.15 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-25T20:03:21.854767Z", "id": "CVE-2026-32562", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T20:03:55.965Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-32562", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-25T20:03:21.854767Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T20:02:40.000Z"}}], "cna": {"title": "WordPress PPWP plugin <= 1.9.15 - Broken Access Control vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Doan Dinh Van | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "WP Folio Team", "product": "PPWP", "versions": [{"status": "affected", "changes": [{"at": "1.9.16", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "<= 1.9.15"}], "packageName": "password-protect-page", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-03-25T17:12:43.686Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/password-protect-page/vulnerability/wordpress-ppwp-plugin-1-9-15-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in WP Folio Team PPWP password-protect-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PPWP: from n/a through <= 1.9.15.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in WP Folio Team PPWP password-protect-page allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects PPWP: from n/a through <= 1.9.15.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-29T09:52:01.624Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32562", "state": "PUBLISHED", "dateUpdated": "2026-04-29T09:52:01.624Z", "dateReserved": "2026-03-12T11:12:48.311Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-25T16:15:12.284Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in WP Folio Team PPWP password-protect-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PPWP: from n/a through <= 1.9.15."}, {"lang": "es", "value": "Vulnerabilidad de Autorizaci\u00f3n Faltante en WP Folio Team PPWP password-protect-page permite Explotar Niveles de Seguridad de Control de Acceso Incorrectamente Configurados. Este problema afecta a PPWP: desde n/a hasta &lt;= 1.9.15."}], "id": "CVE-2026-32562", "lastModified": "2026-04-29T10:17:22.570", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "audit@patchstack.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-25T17:17:08.660", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/password-protect-page/vulnerability/wordpress-ppwp-plugin-1-9-15-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.9.15]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[1.9.16,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "PPWP", "source": "cna", "vendor": "WP Folio Team"}, "product": "ppwp", "vendor": "wp_folio_team"}], "analysis": {"en": {"generated_at": "2026-03-25T21:52:39.920871+00:00", "value": {"mitigation_remediation": ["Update the PPWP plugin to the latest version (greater than 1.9.15) to remove the broken authorization checks.", "Verify that all protected pages have appropriate password or role restrictions enabled and that the plugin settings enforce these rules.", "If updating the plugin is not possible, remove or disable the PPWP plugin until a fix is available."], "summary": {"action": "Immediate Patch", "impact": "Unauthorized Access to Protected Content"}, "threat_synthesis": {"affected_systems": "Affected systems include all WordPress sites that install the PPWP plugin from the WP Folio Team, specifically any instance running plugin version 1.9.15 or earlier. There is no specific operating system or WordPress core version requirement identified, so any site using the plugin within that range is potentially vulnerable.", "description_and_impact": "The vulnerability exists in the WP Folio Team PPWP password\u2011protect\u2011page plugin, version 1.9.15 and earlier. An attacker can bypass the plugin\u2019s authorization checks and gain access to pages that have been marked as protected. This broken access control flaw, identified as CWE\u2011862, allows unauthorized users to read sensitive content that should only be available to privileged members. The impact is limited to confidentiality of protected information rather than system compromise or execution of arbitrary code.", "risk_and_exploitability": "The vulnerability carries a CVSS base score of 5.4, classifying it as moderate. No EPSS score is available, and the flaw has not been listed in the CISA KEV catalog. The exploit path is straightforward: an attacker can target the password\u2011protect\u2011page URL without prior authentication, exploit the missing authorization logic, and retrieve the protected page content. Because the flaw is web\u2011based, no advanced access or privileged user enumeration is required, making it readily exploitable in a typical WordPress deployment."}}}}, "created": "2026-03-26T11:34:44.411114+00:00", "updated": "2026-03-26T12:12:08.614768+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress", "wp_folio_team", "wp_folio_team$PRODUCT$ppwp"]}