Executive Summary

CVE-2026-27362 is a Missing Authorization vulnerability in the WP Bakery Autoresponder Addon Plugin (versions up to and including 1.0.6). It is a Broken Access Control issue where certain plugin functions lack proper authorization, authentication, or nonce token checks. This allows unauthenticated users to perform actions that normally require higher privileges.

The vulnerability is classified as medium priority with a CVSS score of 6.5 and falls under the OWASP Top 10 category A1: Broken Access Control.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can allow unauthenticated attackers to perform privileged actions within the WP Bakery Autoresponder Addon Plugin without proper authorization. This could lead to unauthorized changes or access to sensitive plugin functions, potentially compromising the security and integrity of your WordPress site.

Since no official patch is available yet, the risk remains until mitigation measures are applied.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'The vulnerability arises from missing authorization and authentication checks in the WP Bakery Autoresponder Addon Plugin, allowing unauthenticated users to perform privileged actions.'}, {'type': 'paragraph', 'content': "Detection would involve monitoring for unauthorized access attempts or unusual activity targeting the plugin's functions."}, {'type': 'paragraph', 'content': 'Specific commands or detection signatures are not provided in the available resources.'}] [1]

Useful 0 Not Useful 0

Mitigation Strategies

Since no official patch is available as of the publication date, immediate mitigation involves applying Patchstack’s mitigation rules to block exploitation attempts.

Users are advised to implement these mitigation measures immediately to protect their websites from unauthorized access through this vulnerability.

Useful 0 Not Useful 0