CVE-2026-32373
Received Received - Intake
Missing Authorization in Cozy Vision SMS Alert Order Notifications

Publication date: 2026-03-13

Last updated on: 2026-03-16

Assigner: Patchstack

Description
Missing Authorization vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SMS Alert Order Notifications: from n/a through <= 3.9.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-13
Last Modified
2026-03-16
Generated
2026-05-07
AI Q&A
2026-03-13
EPSS Evaluated
2026-05-05
NVD
CVE-2026-32373
EUVD
EUVD-2026-11872
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
cozy_vision_technologies_pvt_ltd sms_alert_order_notifications From 3.0.0 (inc) to 3.9.0 (inc)
cozy_vision sms_alert_order_notifications to 3.9.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-32373 is a Broken Access Control vulnerability in the WordPress SMS Alert Order Notifications Plugin versions up to and including 3.9.0.

The vulnerability arises from missing authorization, authentication, or nonce token checks within certain functions, which allows unprivileged users (with only subscriber-level privileges) to perform actions that should be restricted to higher-privileged roles.

This issue is classified under the OWASP Top 10 category A1: Broken Access Control.


How can this vulnerability impact me? :

This vulnerability allows unauthorized users to perform actions reserved for higher-privileged roles due to broken access control.

However, the CVSS severity score is 5.4, indicating a low priority and low impact threat.

Exploitation requires only subscriber-level privileges, but the overall impact is considered unlikely to be significant.

Users are advised to update to version 3.9.1 or later where the issue has been patched to mitigate the risk.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

[{'type': 'paragraph', 'content': 'To mitigate the CVE-2026-32373 vulnerability, you should update the SMS Alert Order Notifications WordPress plugin to version 3.9.1 or later, where the issue has been patched.'}, {'type': 'paragraph', 'content': "Additionally, consider using Patchstack's automated update service for vulnerable plugins to facilitate rapid mitigation."}] [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart