CVE-2026-32416
Received Received - Intake
Missing Authorization in bPlugins PDF Poster

Publication date: 2026-03-13

Last updated on: 2026-03-13

Assigner: Patchstack

Description
Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF Poster: from n/a through <= 2.4.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-13
Last Modified
2026-03-13
Generated
2026-06-16
AI Q&A
2026-03-13
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32416
EUVD
EUVD-2026-11937
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
bplugins pdf_poster to 2.4.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-32416 is a Broken Access Control vulnerability in the WordPress PDF Poster Plugin versions up to and including 2.4.0.

The issue arises from missing authorization, authentication, or nonce token checks within certain plugin functions.

This allows unprivileged users, such as those with Contributor or Developer roles, to perform actions that should be restricted to higher-privileged roles.

The vulnerability falls under the OWASP Top 10 category A1: Broken Access Control.

Impact Analysis

[{'type': 'paragraph', 'content': 'This vulnerability can allow users with lower privileges to perform unauthorized actions within the PDF Poster plugin.'}, {'type': 'paragraph', 'content': 'Such unauthorized actions could lead to limited integrity and availability impacts, as indicated by the CVSS score vector (C:N/I:L/A:L).'}, {'type': 'paragraph', 'content': 'The overall CVSS severity score is 5.4, indicating a low priority and low impact threat.'}, {'type': 'paragraph', 'content': "However, it still poses a security risk by allowing privilege escalation within the plugin's functionality."}] [1]

Compliance Impact

I don't know

Detection Guidance

This vulnerability arises from missing authorization checks in the WordPress PDF Poster Plugin up to version 2.4.0, allowing users with Contributor or Developer privileges to perform unauthorized actions.

Detection involves verifying the plugin version installed on your WordPress site and checking for unauthorized access attempts or privilege escalations related to the PDF Poster plugin.

  • Check the installed version of the PDF Poster plugin via the WordPress admin dashboard or by running: wp plugin list | grep pdf-poster
  • Review web server logs for suspicious requests targeting PDF Poster plugin endpoints that could indicate exploitation attempts.
  • Use WordPress CLI commands to audit user roles and permissions, ensuring no unprivileged users have elevated access.
Mitigation Strategies

The primary mitigation step is to update the PDF Poster plugin to version 2.4.1 or later, where the vulnerability has been patched.

Additionally, consider restricting user roles to prevent unprivileged users from having Contributor or Developer privileges unless necessary.

Utilize automated update tools such as Patchstack to rapidly apply security patches to vulnerable plugins.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32416. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart