CVE-2026-32565
Received Received - Intake
Missing Authorization in WebberZone Contextual Related Posts

Publication date: 2026-03-18

Last updated on: 2026-04-29

Assigner: Patchstack

Description
Missing Authorization vulnerability in Ajay Contextual Related Posts contextual-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contextual Related Posts: from n/a through < 4.2.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-18
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-03-18
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32565
EUVD
EUVD-2026-12812
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
webberzone contextual_related_posts to 4.2.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-32565 is a Broken Access Control vulnerability found in the WordPress Contextual Related Posts plugin versions before 4.2.2.

The issue arises because of missing authorization, authentication, or nonce token checks in certain functions, which allows unauthenticated users to perform actions that normally require higher privileges.

This means that anyone, even without logging in, can exploit the plugin to perform restricted actions due to incorrectly configured access control security levels.

Impact Analysis

[{'type': 'paragraph', 'content': 'The vulnerability has a CVSS score of 5.3, indicating a low severity impact.'}, {'type': 'paragraph', 'content': "However, because it allows unauthenticated users to perform privileged actions, it increases the risk of unauthorized access or manipulation of the plugin's functionality."}, {'type': 'paragraph', 'content': 'While it is unlikely to be exploited with significant impact, such vulnerabilities are often targeted in mass-exploit campaigns affecting many websites indiscriminately.'}, {'type': 'paragraph', 'content': 'Users are strongly advised to update to version 4.2.2 or later to mitigate this risk.'}] [1]

Compliance Impact

I don't know

Detection Guidance

This vulnerability arises from missing authorization checks in the WordPress Contextual Related Posts plugin versions prior to 4.2.2, allowing unauthenticated users to perform privileged actions.

Detection typically involves checking the plugin version installed on your WordPress site to see if it is below 4.2.2.

Since the vulnerability allows unauthenticated access to certain functions, monitoring web server logs for suspicious requests targeting the Contextual Related Posts plugin endpoints may help identify exploitation attempts.

No specific detection commands are provided in the available resources.

Mitigation Strategies

The primary and immediate mitigation step is to update the Contextual Related Posts plugin to version 4.2.2 or later, which contains the patch that fixes the broken access control vulnerability.

Users are strongly advised to apply this update as soon as possible to prevent exploitation.

Additionally, enabling automatic updates for plugins can help ensure rapid protection against such vulnerabilities in the future.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32565. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart