CVE-2026-32408
Received Received - Intake
Missing Authorization in Brizy ≀ 2.7.23 Enables Unauthorized Access

Publication date: 2026-03-13

Last updated on: 2026-04-29

Assigner: Patchstack

Description
Missing Authorization vulnerability in themefusecom Brizy brizy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brizy: from n/a through <= 2.7.23.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-13
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-03-13
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32408
EUVD
EUVD-2026-11925
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
themefuse brizy to 2.7.23 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-32408 is a Broken Access Control vulnerability in the WordPress Brizy Plugin versions up to and including 2.7.23. It occurs due to missing authorization, authentication, or nonce token checks in certain functions. This allows unprivileged users to perform actions that should be restricted to higher privilege levels such as contributors or developers.

Impact Analysis

This vulnerability can allow users without proper privileges to perform actions reserved for higher privilege roles, potentially leading to unauthorized changes or access within the WordPress site. However, the risk is considered low with a CVSS score of 4.3, and exploitation is unlikely.

Users are advised to update to version 2.7.24 or later to mitigate this issue.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

The vulnerability in the WordPress Brizy Plugin up to version 2.7.23 is caused by broken access control allowing unprivileged users to perform higher privilege actions.

To mitigate this vulnerability, users should update the Brizy plugin to version 2.7.24 or later, where the issue has been patched.

Additionally, Patchstack offers automated updates for vulnerable plugins to provide rapid protection.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32408. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart