CVE-2026-42642
Missing Authorization in GiveWP Plugin Allows Unauthorized Access
Publication date: 2026-04-29
Last updated on: 2026-04-29
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| stellarwp | givewp | to 4.14.5 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Missing Authorization issue in the StellarWP GiveWP plugin. It occurs due to incorrectly configured access control security levels, which means that certain actions or data may be accessible without proper permission checks.
Can you explain this vulnerability to me?
This vulnerability is a Missing Authorization issue in the StellarWP GiveWP plugin. It occurs due to incorrectly configured access control security levels, which means that certain actions or data may be accessible without proper permission checks. The affected versions are GiveWP up to and including 4.14.5.
How can this vulnerability impact me? :
The vulnerability allows unauthorized access to certain features or data within the GiveWP plugin. Since the CVSS score indicates a low complexity and no privileges required, an attacker could exploit this remotely without user interaction. The impact is limited to information disclosure (confidentiality loss) without affecting integrity or availability.
How can this vulnerability impact me? :
The impact of this vulnerability is that unauthorized users could potentially access or exploit parts of the GiveWP plugin that should be restricted. According to the CVSS score of 5.3, it allows network attackers with no privileges and no user interaction to gain limited confidentiality impact, meaning some sensitive information could be exposed.