VYPR
Medium severity 5.3 · NVD Advisory · Published Mar 13, 2026 · Updated Apr 22, 2026

CVE-2026-32428

Description

Missing Authorization vulnerability in Ays Pro Popup Like box ays-facebook-popup-likebox allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Popup Like box: from n/a through <= 3.7.7.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Missing authorization in Popup Like Box plugin allows unauthenticated attackers to exploit access control flaws, leading to unauthorized actions.

Vulnerability

CVE-2026-32428 is a missing authorization vulnerability in the Popup Like Box plugin for WordPress (ays-facebook-popup-likebox) versions up to and including 3.7.7. The plugin fails to properly enforce access control checks, allowing attackers to exploit incorrectly configured security levels [1].

Exploitation

An unauthenticated attacker can exploit this vulnerability by sending crafted requests to the vulnerable plugin, bypassing authorization checks that should restrict access to privileged functions. No authentication is required, and the attack can be performed remotely over the network [1].

Impact

Successful exploitation enables an attacker to perform higher-privileged actions without proper authorization, potentially leading to unauthorized data access or modification. The vulnerability has a CVSS v3 base score of 5.3 (Medium) due to its low attack complexity and network attack vector [1].

Mitigation

The vulnerability is patched in version 3.7.8. Users are strongly advised to update the plugin immediately. For those unable to update, implementing additional access control measures or consulting with a security professional is recommended [1].

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

References

1
