{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32514", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-03-12T11:12:13.806Z", "datePublished": "2026-03-25T16:15:06.016Z", "dateUpdated": "2026-03-25T16:15:06.016Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "petitioner", "product": "Petitioner", "vendor": "Anton Voytenko", "versions": [{"changes": [{"at": "0.7.4", "status": "unaffected"}], "lessThanOrEqual": "<= 0.7.3", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Nabil Irawan | Patchstack Bug Bounty Program"}], "datePublic": "2026-03-25T17:12:39.545Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in Anton Voytenko Petitioner petitioner allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Petitioner: from n/a through <= 0.7.3.</p>"}], "value": "Missing Authorization vulnerability in Anton Voytenko Petitioner petitioner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Petitioner: from n/a through <= 0.7.3."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-25T16:15:06.016Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/petitioner/vulnerability/wordpress-petitioner-plugin-0-7-3-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Petitioner plugin <= 0.7.3 - Broken Access Control vulnerability"}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Anton Voytenko Petitioner petitioner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Petitioner: from n/a through <= 0.7.3."}], "id": "CVE-2026-32514", "lastModified": "2026-03-25T17:17:03.830", "metrics": {}, "published": "2026-03-25T17:17:03.830", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/petitioner/vulnerability/wordpress-petitioner-plugin-0-7-3-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.7.3]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "0.7.4"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Petitioner", "source": "cna", "vendor": "Anton Voytenko"}, "product": "petitioner", "vendor": "anton_voytenko"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-25T18:28:54.677783+00:00", "value": {"mitigation_remediation": ["Upgrade the Petitioner plugin to the latest version that eliminates the authorization flaw.", "If an upgrade is not possible, remove or disable the Petitioner plugin from the WordPress installation.", "Restrict administrative access to trusted users and enforce role\u2011based permissions on the WordPress dashboard.", "Apply custom code that restricts access to the Petitioner functionality until a proper fix is applied.", "Regularly monitor the vendor\u2019s website or security advisories for patches or updates."], "summary": {"action": "Apply Patch", "impact": "Unauthorized access to restricted functions"}, "threat_synthesis": {"affected_systems": "WordPress sites that use the Anton Voytenko Petitioner plugin version 0.7.3 or earlier are affected. The vulnerability applies to all installations of the plugin with versions up to and including 0.7.3; no specific minor revisions are excluded in the advisory.", "description_and_impact": "The Petitioner plugin for WordPress contains a missing authorization flaw that permits an attacker to use incorrectly configured access control levels. This flaw allows unauthorized users to perform actions intended for privileged users, potentially creating, editing, or deleting petitions and compromising the integrity and confidentiality of the data stored in the system. The issue is a classic example of an authorization bypass, classified as CWE\u2011862.", "risk_and_exploitability": "No CVSS score is supplied, and EPSS information is unavailable, but the lack of access control typically results in a high risk of exploitation. The vulnerability is likely to be exploitable remotely via the web interface that the plugin provides, requiring only the ability to reach the WordPress site. Because the vulnerability is a direct authorization bypass, an attacker could fully compromise the plugin\u2019s intended restrictions. The CVE is not listed in CISA\u2019s Known Exploited Vulnerabilities catalog, yet any site still running the vulnerable plugin should treat this as a serious security issue."}}}}, "created": "2026-03-25T21:47:26.146527+00:00", "updated": "2026-03-26T11:35:18.869282+00:00", "vendors": ["anton_voytenko", "anton_voytenko$PRODUCT$petitioner", "wordpress", "wordpress$PRODUCT$wordpress"]}