CVE-2026-32440
Description
Missing Authorization vulnerability in Ex-Themes WP Food wp-food allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Food: from n/a through < 2.7.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization in WP Food plugin allows unprivileged users to execute higher privileged actions, patched in version 2.7.1.
Vulnerability
CVE-2026-32440 is a missing authorization vulnerability in the WordPress WP Food plugin, affecting versions prior to 2.7.1. The plugin fails to properly enforce access controls, allowing users with lower privileges to perform actions intended for higher-privileged roles.
Exploitation
The vulnerability can be exploited by any unauthenticated or low-privileged user who can craft requests to the affected functions. No special network position is required, making it accessible to remote attackers.
Impact
Successful exploitation could allow an attacker to access or modify sensitive data, execute administrative functions, or otherwise compromise the site's security. The CVSS score of 5.3 (Medium) reflects the potential for unauthorized access.
Mitigation
The issue is resolved in version 2.7.1 of the WP Food plugin. Users are strongly advised to update immediately. Patchstack users can enable auto-updates for vulnerable plugins.
Reference: [1]
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.