CVE-2026-40778
Missing Authorization in Majestic Support ≤ 1.1.2 Enables Unauthorized Access
Publication date: 2026-04-15
Last updated on: 2026-04-29
Assigner: Patchstack
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| majestic_support | majestic_support | to 1.1.2 (inc) |
| ahmad | majestic_support | to 1.1.2 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability is a Missing Authorization issue in Majestic Support software. It occurs due to incorrectly configured access control security levels, which means that the software does not properly verify whether a user has the necessary permissions to perform certain actions.
How can this vulnerability impact me?
Because of the missing authorization checks, unauthorized users might be able to access or perform actions they should not be allowed to. This can lead to unauthorized data access, modification, or other security breaches within the Majestic Support system.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability CVE-2026-40778 affects the Majestic Support WordPress plugin versions up to and including 1.1.2 due to missing authorization checks.
To mitigate this vulnerability immediately, users are strongly advised to update the Majestic Support plugin to version 1.1.3 or later, where the issue has been patched.
If updating is not feasible, it is recommended to seek assistance from hosting providers or developers to apply necessary fixes or protections.
Additionally, using Patchstack's auto-update feature for vulnerable plugins can help ensure timely updates and reduce risk.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a broken access control issue in the Majestic Support WordPress plugin versions up to 1.1.2, allowing unauthenticated users to perform privileged actions due to missing authorization checks.
To detect this vulnerability on your system, you should first verify the version of the Majestic Support plugin installed on your WordPress site. If the version is 1.1.2 or lower, your system is vulnerable.
There are no specific commands provided in the available resources to detect exploitation attempts or scan for this vulnerability directly.
However, general detection steps include:
- Check the installed plugin version via WordPress admin dashboard or by inspecting the plugin files.
- Monitor web server logs for unusual or unauthorized access attempts to plugin endpoints.
- Use vulnerability scanners that support WordPress plugins to identify outdated or vulnerable versions.
To check the plugin version via command line, you can use WP-CLI (WordPress Command Line Interface) with the following command:
- `wp plugin list --status=active`
This will list all active plugins and their versions, allowing you to identify if Majestic Support is installed and its version.
If you want to search for suspicious HTTP requests related to the plugin, you can use commands like:
- `grep -i 'majestic-support' /var/log/apache2/access.log` (Apache)
- `grep -i 'majestic-support' /var/log/nginx/access.log` (nginx)
These commands help identify potential exploitation attempts by searching for plugin-related requests in web server logs.
Ultimately, the recommended mitigation is to update the plugin to version 1.1.3 or later.
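The version check and log search above combined into one triage script, as an added example that is not part of the advisory or the plugin. It assumes the plugin slug is `majestic-support` (taken from the grep pattern above), combined-format access logs, and WP-CLI on the PATH; the log lines in `sample_log` are constructed.

```shell
#!/bin/sh
# Added example: triage helper for CVE-2026-40778 (not Patchstack's or the plugin's code).
FIXED_VERSION="1.1.3"           # first patched release, per the advisory
PLUGIN_SLUG="majestic-support"  # assumption: slug taken from the grep pattern above

# version_lt A B: succeeds when A < B, comparing dot-separated fields numerically
# (a plain string comparison would wrongly rank 1.1.10 below 1.1.3).
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= (n > m ? n : m); i++) {
      if ((x[i] + 0) < (y[i] + 0)) exit 0
      if ((x[i] + 0) > (y[i] + 0)) exit 1
    }
    exit 1   # equal versions are not "less than"
  }'
}

# plugin_requests: reads a combined-format access log on stdin and prints
# "count client_ip status" for requests that mention the plugin, busiest first.
plugin_requests() {
  grep -i -- "$PLUGIN_SLUG" |
    awk '{ n[$1 " " $9]++ } END { for (k in n) print n[k], k }' |
    sort -rn
}

# sample_log: constructed log lines (documentation IP ranges), for offline runs.
sample_log() {
  cat <<'EOF'
203.0.113.7 - - [20/Apr/2026:10:01:02 +0000] "GET /wp-content/plugins/majestic-support/readme.txt HTTP/1.1" 200 512 "-" "curl/8.5.0"
203.0.113.7 - - [20/Apr/2026:10:01:03 +0000] "GET /wp-content/plugins/majestic-support/readme.txt HTTP/1.1" 200 512 "-" "curl/8.5.0"
198.51.100.23 - - [20/Apr/2026:10:02:10 +0000] "GET /wp-content/plugins/majestic-support/readme.txt HTTP/1.1" 403 199 "-" "Mozilla/5.0"
192.0.2.10 - - [20/Apr/2026:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.7 - - [20/Apr/2026:10:04:44 +0000] "GET /wp-content/plugins/majestic-support/readme.txt HTTP/1.1" 200 512 "-" "curl/8.5.0"
EOF
}

# triage WP_PATH LOGFILE: version check via WP-CLI, then log summary if vulnerable.
triage() {
  ver=$(wp plugin get "$PLUGIN_SLUG" --field=version --path="$1") || return 2
  if version_lt "$ver" "$FIXED_VERSION"; then
    echo "VULNERABLE: $PLUGIN_SLUG $ver is below $FIXED_VERSION"
    plugin_requests < "$2"
  else
    echo "OK: $PLUGIN_SLUG $ver"
  fi
}
```

After sourcing the file, `triage <wordpress-root> /var/log/nginx/access.log` runs both steps against a live site, and `sample_log | plugin_requests` shows the summary format offline.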