CVE-2026-49045
Deferred Deferred - Pending Action
Missing Authorization in Adminimize Plugin

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: Patchstack

Description
Missing Authorization vulnerability in WP Media Adminimize allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Adminimize: from n/a through 1.11.11.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-05-27
Generated
2026-06-17
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-49045
EUVD
EUVD-2026-32536
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
adminimize adminimize to 1.11.11 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Missing Authorization issue in the WP Media Adminimize plugin. It occurs because of incorrectly configured access control security levels, which means that certain actions or resources may be accessible without proper authorization checks.

Impact Analysis

The vulnerability can allow unauthorized users with limited privileges to access or exploit parts of the Adminimize plugin that should be restricted. This could lead to unauthorized information disclosure or manipulation of media settings.

Compliance Impact

The provided information does not specify any direct impact of the CVE-2026-49045 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

The vulnerability affects Adminimize plugin versions up to and including 1.11.11 and allows unprivileged users to perform actions requiring higher privileges due to missing authorization checks.

As of the report date, there is no official patch available for this vulnerability.

Immediate mitigation steps include updating the plugin immediately if an update becomes available, or seeking assistance from your hosting provider or web developer to implement access control restrictions or other protective measures.

Detection Guidance

This vulnerability involves missing authorization checks in the WordPress Adminimize plugin up to version 1.11.11, allowing unprivileged users to perform restricted actions.

Detection typically involves verifying the plugin version installed on your WordPress site and testing whether users with Subscriber-level access can perform actions that should require higher privileges.

Since this is an application-level access control issue, network-level detection commands are not directly applicable.

To detect the vulnerable plugin version, you can use WP-CLI commands such as:

  • wp plugin list --status=active
  • wp plugin get adminimize --field=version

To test for the vulnerability, attempt to perform restricted Adminimize actions while logged in as a Subscriber user and observe if unauthorized access is possible.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-49045. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart