CVE-2026-40778
Received Received - Intake

Missing Authorization in Majestic Support ≀ 1.1.2 Enables Unauthorized Access

Vulnerability report for CVE-2026-40778, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-15

Last updated on: 2026-04-29

Assigner: Patchstack

Description

Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Majestic Support: from n/a through <= 1.1.2.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-15
Last Modified
2026-04-29
Generated
2026-07-06
AI Q&A
2026-04-15
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
majestic_support majestic_support to 1.1.2 (inc)
ahmad majestic_support to 1.1.2 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability is a Missing Authorization issue in Majestic Support software. It occurs due to incorrectly configured access control security levels, which means that the software does not properly verify whether a user has the necessary permissions to perform certain actions.

Impact Analysis

Because of the missing authorization checks, unauthorized users might be able to access or perform actions they should not be allowed to. This can lead to unauthorized data access, modification, or other security breaches within the Majestic Support system.

Mitigation Strategies

The vulnerability CVE-2026-40778 affects the Majestic Support WordPress plugin versions up to and including 1.1.2 due to missing authorization checks.

To mitigate this vulnerability immediately, users are strongly advised to update the Majestic Support plugin to version 1.1.3 or later, where the issue has been patched.

If updating is not feasible, it is recommended to seek assistance from hosting providers or developers to apply necessary fixes or protections.

Additionally, using Patchstack's auto-update feature for vulnerable plugins can help ensure timely updates and reduce risk.

Detection Guidance

This vulnerability is a broken access control issue in the Majestic Support WordPress plugin versions up to 1.1.2, allowing unauthenticated users to perform privileged actions due to missing authorization checks.

To detect this vulnerability on your system, you should first verify the version of the Majestic Support plugin installed on your WordPress site. If the version is 1.1.2 or lower, your system is vulnerable.

There are no specific commands provided in the available resources to detect exploitation attempts or scan for this vulnerability directly.

However, general detection steps include:

  • Check the installed plugin version via WordPress admin dashboard or by inspecting the plugin files.
  • Monitor web server logs for unusual or unauthorized access attempts to plugin endpoints.
  • Use vulnerability scanners that support WordPress plugins to identify outdated or vulnerable versions.

To check the plugin version via command line, you can use WP-CLI (WordPress Command Line Interface) with the following command:

  • wp plugin list --status=active

This will list all active plugins and their versions, allowing you to identify if Majestic Support is installed and its version.

If you want to search for suspicious HTTP requests related to the plugin, you can use commands like:

  • grep -i 'majestic-support' /var/log/apache2/access.log
  • or
  • grep -i 'majestic-support' /var/log/nginx/access.log

These commands help identify potential exploitation attempts by searching for plugin-related requests in web server logs.

Ultimately, the recommended mitigation is to update the plugin to version 1.1.3 or later.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40778. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart