CVE-2026-42677
Deferred - Pending Action
Missing Authorization in WP Document Revisions Plugin

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: Patchstack

Description
Missing Authorization vulnerability in Ben Balter WP Document Revisions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Document Revisions: from n/a before 4.0.0.
Meta Information
Published: 2026-06-01
Last Modified: 2026-06-01
Generated: 2026-06-01
AI Q&A: 2026-06-01
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs
Vendor | Product | Version / Range
ben_balter | wp_document_revisions | From 3.8.1 (inc) to 4.0.0 (exc)
ben_balter | wp_document_revisions | to 4.0.0 (exc)
CWE ID | Description
CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-42677 is a Missing Authorization vulnerability in the WordPress WP Document Revisions Plugin, specifically affecting versions 3.8.1 and earlier. This issue is a Broken Access Control flaw that allows unauthenticated users to perform actions that normally require higher privileges because the plugin lacks proper authorization checks.


How can this vulnerability impact me?

This vulnerability can have a high impact as it allows attackers without any authentication to execute privileged actions within the affected plugin. This could lead to unauthorized access or manipulation of documents managed by the plugin. The CVSS score of 7.5 indicates a high risk, and the vulnerability could be exploited in widespread attacks targeting thousands of websites.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability allows unauthenticated users to perform actions requiring higher privileges due to missing authorization checks in the WP Document Revisions plugin versions 3.8.1 and earlier.

To detect this vulnerability on your system or network, you can check the version of the WP Document Revisions plugin installed on your WordPress site. If the version is 3.8.1 or earlier, it is vulnerable.

There are no specific commands provided in the available resources to detect exploitation attempts or scan for this vulnerability.


What immediate steps should I take to mitigate this vulnerability?

The immediate step to mitigate this vulnerability is to update the WP Document Revisions plugin to version 4.0.0 or later, where the issue has been patched.

Until the update can be applied, it is recommended to use the mitigation rule provided by Patchstack to block attacks targeting this vulnerability.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability in the WP Document Revisions plugin allows unauthenticated users to perform actions requiring higher privileges due to missing authorization checks. This broken access control can lead to unauthorized access to sensitive documents or data.

Such unauthorized access can result in violations of data protection regulations like GDPR and HIPAA, which mandate strict access controls to protect personal and sensitive information. Failure to properly restrict access could lead to data breaches, non-compliance penalties, and reputational damage.

Therefore, this vulnerability negatively impacts compliance with common standards and regulations by undermining required access control security levels.

