CVE-2026-48973
Deferred Deferred - Pending Action
Missing Authorization in SVG Support Plugin

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: Patchstack

Description
Missing Authorization vulnerability in Benbodhi SVG Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SVG Support: from n/a through 2.5.14.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-05-27
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-48973
EUVD
EUVD-2026-32526
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
benbodhi svg_support to 2.5.14 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Missing Authorization issue in Benbodhi SVG Support. It allows attackers to exploit incorrectly configured access control security levels, meaning that the system does not properly verify whether a user has permission to perform certain actions.

Impact Analysis

The impact of this vulnerability is limited to integrity loss, as indicated by the CVSS score. An attacker with low privileges could exploit the missing authorization to perform unauthorized actions that could alter data or system behavior without causing confidentiality or availability issues.

Compliance Impact

The vulnerability in the Benbodhi SVG Support Plugin allows unprivileged users to perform higher-privileged actions due to missing authorization checks, which constitutes a broken access control issue.

Such broken access control vulnerabilities can potentially lead to unauthorized access or modification of data, which may impact compliance with standards and regulations like GDPR or HIPAA that require strict access controls to protect sensitive information.

However, the provided information does not explicitly state the direct impact on compliance with these regulations.

Detection Guidance

The vulnerability in the WordPress SVG Support Plugin allows unprivileged users to perform higher-privileged actions due to missing authorization checks.

There is no specific detection command or signature provided for this vulnerability.

To detect exploitation attempts, monitoring for unusual privilege escalation activities or unauthorized access attempts related to the SVG Support plugin may help.

Since no official patch or detection tools are available, it is recommended to review web server logs for suspicious requests targeting the SVG Support plugin endpoints.

Mitigation Strategies

Immediate mitigation steps include updating the SVG Support plugin if a newer secure version becomes available.

Since no official patch is currently available, you should seek assistance from your hosting provider or a web developer to implement temporary access control restrictions.

Using vulnerability mitigation services such as those provided by Patchstack, which include rapid protection and threat intelligence, is recommended.

Additionally, consider disabling the SVG Support plugin if it is not essential to reduce the attack surface.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-48973. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart