CVE-2026-32546
Received Received - Intake
Missing Authorization in StellarWP Restrict Content Plugin

Publication date: 2026-03-25

Last updated on: 2026-04-29

Assigner: Patchstack

Description
Missing Authorization vulnerability in StellarWP Restrict Content restrict-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restrict Content: from n/a through <= 3.2.22.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-03-25
EPSS Evaluated
2026-06-14
NVD
CVE-2026-32546
EUVD
EUVD-2026-15925
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
stellarwp restrict_content to 3.2.22 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

CVE-2026-32546 is a broken access control vulnerability that allows unauthorized users to perform actions requiring higher privileges in the WordPress Restrict Content Plugin. Such unauthorized access could potentially lead to exposure or modification of protected content or data.

While the provided information does not explicitly mention compliance with standards like GDPR or HIPAA, broken access control vulnerabilities generally pose risks to data confidentiality and integrity, which are critical aspects of these regulations.

Therefore, if exploited, this vulnerability could negatively impact compliance with regulations that require strict access controls and protection of sensitive data, such as GDPR and HIPAA.

Executive Summary

This vulnerability is a Missing Authorization issue in the StellarWP Restrict Content plugin. It occurs due to incorrectly configured access control security levels, which means that the plugin does not properly restrict access to certain content or features.

Impact Analysis

The impact of this vulnerability is that unauthorized users may gain access to restricted content or features that should be protected. This could lead to exposure of sensitive information or unauthorized actions within the system.

Detection Guidance

This vulnerability involves broken access control in the WordPress Restrict Content Plugin versions up to and including 3.2.22, allowing unauthorized privilege escalation due to missing authorization checks.

Detection typically involves verifying the plugin version installed on your WordPress site to see if it is vulnerable (version ≀ 3.2.22).

You can check the plugin version by running commands on your server such as:

  • Using WP-CLI: wp plugin list | grep restrict-content
  • Manually checking the plugin version in the plugin's main PHP file, e.g., cat wp-content/plugins/restrict-content/restrict-content.php | grep 'Version'

Additionally, monitoring for unusual privilege escalation attempts or unauthorized actions in your WordPress logs may help detect exploitation attempts, but no specific detection commands or signatures are provided.

Mitigation Strategies

The immediate and recommended mitigation step is to update the WordPress Restrict Content Plugin to version 3.2.23 or later, which contains the patch that fixes this broken access control vulnerability.

If you use Patchstack, enabling auto-updates specifically for vulnerable plugins can ensure rapid protection against this and similar vulnerabilities.

Since the vulnerability is due to missing authorization checks, avoid using or exposing vulnerable plugin versions until patched.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32546. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart