CVE-2026-32495
Missing Authorization in WP Terms Popup Plugin Allows Unauthorized Access
Publication date: 2026-03-25
Last updated on: 2026-03-26
Assigner: Patchstack
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| link_software_llc | wp_terms_popup | up to and including 2.10.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of the CVE-2026-32495 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-32495 is a Broken Access Control vulnerability in the WordPress WP Terms Popup Plugin versions up to and including 2.10.0.
The issue arises from missing authorization, authentication, or nonce token checks within certain plugin functions, which allows unauthenticated users to perform actions that normally require higher privileges.
This means attackers do not need to be logged in or have any privileges to exploit this vulnerability.
How can this vulnerability impact me?
Exploiting this vulnerability can allow unauthorized users to perform privileged actions on websites using the affected WP Terms Popup Plugin versions.
Although the issue is considered low priority and is unlikely to be exploited with significant effect, vulnerabilities of this kind are often targeted in mass-exploit campaigns that affect many websites indiscriminately.
If exploited, it could lead to unauthorized changes or actions on your website, potentially compromising site integrity or user trust.
Users are strongly advised to update to version 2.11.0 or later to mitigate this risk.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The CVE-2026-32495 vulnerability is a Broken Access Control issue in the WP Terms Popup Plugin versions up to 2.10.0, caused by missing authorization checks allowing unauthenticated users to perform privileged actions.
There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, users are strongly advised to update the WP Terms Popup Plugin to version 2.11.0 or later, where the issue has been patched.
Patchstack offers automated updates for vulnerable plugins to facilitate rapid mitigation.