CVE-2026-32495
Received Received - Intake
Missing Authorization in WP Terms Popup Plugin Allows Unauthorized Access

Publication date: 2026-03-25

Last updated on: 2026-03-26

Assigner: Patchstack

Description
Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Terms Popup: from n/a through <= 2.10.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-03-26
Generated
2026-06-16
AI Q&A
2026-03-26
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32495
EUVD
EUVD-2026-15839
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
link_software_llc wp_terms_popup to 2.10.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of the CVE-2026-32495 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-32495 is a Broken Access Control vulnerability in the WordPress WP Terms Popup Plugin versions up to and including 2.10.0.

The issue arises from missing authorization, authentication, or nonce token checks within certain plugin functions, which allows unauthenticated users to perform actions that normally require higher privileges.

This means attackers do not need to be logged in or have any privileges to exploit this vulnerability.

Impact Analysis

Exploiting this vulnerability can allow unauthorized users to perform privileged actions on websites using the affected WP Terms Popup Plugin versions.

Although the impact is considered low priority and unlikely to be exploited with significant effect, such vulnerabilities are often targeted in mass-exploit campaigns affecting many websites indiscriminately.

If exploited, it could lead to unauthorized changes or actions on your website, potentially compromising site integrity or user trust.

Users are strongly advised to update to version 2.11.0 or later to mitigate this risk.

Detection Guidance

The CVE-2026-32495 vulnerability is a Broken Access Control issue in the WP Terms Popup Plugin versions up to 2.10.0, caused by missing authorization checks allowing unauthenticated users to perform privileged actions.

There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.

Mitigation Strategies

To mitigate this vulnerability, users are strongly advised to update the WP Terms Popup Plugin to version 2.11.0 or later, where the issue has been patched.

Patchstack offers automated updates for vulnerable plugins to facilitate rapid mitigation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32495. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart