CVE-2026-32373
Received Received - Intake
Missing Authorization in Cozy Vision SMS Alert Order Notifications

Publication date: 2026-03-13

Last updated on: 2026-03-16

Assigner: Patchstack

Description
Missing Authorization vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SMS Alert Order Notifications: from n/a through <= 3.9.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-13
Last Modified
2026-03-16
Generated
2026-06-16
AI Q&A
2026-03-13
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32373
EUVD
EUVD-2026-11872
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
cozy_vision_technologies_pvt_ltd sms_alert_order_notifications From 3.0.0 (inc) to 3.9.0 (inc)
cozy_vision sms_alert_order_notifications to 3.9.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-32373 is a Broken Access Control vulnerability in the WordPress SMS Alert Order Notifications Plugin versions up to and including 3.9.0.

The vulnerability arises from missing authorization, authentication, or nonce token checks within certain functions, which allows unprivileged users (with only subscriber-level privileges) to perform actions that should be restricted to higher-privileged roles.

This issue is classified under the OWASP Top 10 category A1: Broken Access Control.

Impact Analysis

This vulnerability allows unauthorized users to perform actions reserved for higher-privileged roles due to broken access control.

However, the CVSS severity score is 5.4, indicating a low priority and low impact threat.

Exploitation requires only subscriber-level privileges, but the overall impact is considered unlikely to be significant.

Users are advised to update to version 3.9.1 or later where the issue has been patched to mitigate the risk.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

[{'type': 'paragraph', 'content': 'To mitigate the CVE-2026-32373 vulnerability, you should update the SMS Alert Order Notifications WordPress plugin to version 3.9.1 or later, where the issue has been patched.'}, {'type': 'paragraph', 'content': "Additionally, consider using Patchstack's automated update service for vulnerable plugins to facilitate rapid mitigation."}] [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32373. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart