CVE-2026-42677
Deferred Deferred - Pending Action
Missing Authorization in WP Document Revisions Plugin

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: Patchstack

Description
Missing Authorization vulnerability in Ben Balter WP Document Revisions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Document Revisions: from n/a before 4.0.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-21
AI Q&A
2026-06-01
EPSS Evaluated
2026-06-20
NVD
CVE-2026-42677
EUVD
EUVD-2026-33686
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
ben_balter wp_document_revisions From 3.8.1 (inc) to 4.0.0 (exc)
ben_balter wp_document_revisions to 4.0.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-42677 is a Missing Authorization vulnerability in the WordPress WP Document Revisions Plugin, specifically affecting versions 3.8.1 and earlier. This issue is a Broken Access Control flaw that allows unauthenticated users to perform actions that normally require higher privileges because the plugin lacks proper authorization checks.

Impact Analysis

This vulnerability can have a high impact as it allows attackers without any authentication to execute privileged actions within the affected plugin. This could lead to unauthorized access or manipulation of documents managed by the plugin. The CVSS score of 7.5 indicates a high risk, and the vulnerability could be exploited in widespread attacks targeting thousands of websites.

Detection Guidance

This vulnerability allows unauthenticated users to perform actions requiring higher privileges due to missing authorization checks in the WP Document Revisions plugin versions 3.8.1 and earlier.

To detect this vulnerability on your system or network, you can check the version of the WP Document Revisions plugin installed on your WordPress site. If the version is 3.8.1 or earlier, it is vulnerable.

There are no specific commands provided in the available resources to detect exploitation attempts or scan for this vulnerability.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the WP Document Revisions plugin to version 4.0.0 or later, where the issue has been patched.

Until the update can be applied, it is recommended to use the mitigation rule provided by Patchstack to block attacks targeting this vulnerability.

Compliance Impact

The vulnerability in the WP Document Revisions plugin allows unauthenticated users to perform actions requiring higher privileges due to missing authorization checks. This broken access control can lead to unauthorized access to sensitive documents or data.

Such unauthorized access can result in violations of data protection regulations like GDPR and HIPAA, which mandate strict access controls to protect personal and sensitive information. Failure to properly restrict access could lead to data breaches, non-compliance penalties, and reputational damage.

Therefore, this vulnerability negatively impacts compliance with common standards and regulations by undermining required access control security levels.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42677. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart