CVE-2026-32541
Description
Missing Authorization vulnerability in Premmerce Premmerce Redirect Manager premmerce-redirect-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Premmerce Redirect Manager: from n/a through <= 1.0.12.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The Premmerce Redirect Manager plugin for WordPress up to version 1.0.12 has a missing authorization vulnerability allowing unauthenticated attackers to exploit broken access controls.
Vulnerability Overview
The Premmerce Redirect Manager plugin for WordPress, versions from inception through 1.0.12, suffers from a missing authorization vulnerability [1]. This broken access control issue means that certain functions or endpoints within the plugin do not properly verify that the requesting user has the necessary privileges, such as administrative or editor-level permissions. The root cause is the absence of adequate capability checks or nonce tokens, enabling potential exploitation of incorrectly configured access control security levels [1].
Exploitation Details
An attacker can exploit this vulnerability without requiring authentication or any special network position [1]. The attack vector is over the network, and the low complexity suggests that automated tools can easily replicate the exploit. Given the plugin's integration with WordPress, an attacker could send crafted HTTP requests to the vulnerable plugin endpoints to perform unauthorized actions. The vulnerability is considered moderately dangerous and is expected to be leveraged in mass-exploit campaigns, targeting thousands of websites regardless of their traffic or popularity [1].
Impact
Successful exploitation allows an attacker to carry out actions that should be restricted to higher-privileged users, such as administrators. Depending on the specific broken functionality, this could include modifying redirect rules, altering site configurations, or potentially escalating privileges further. The overall CVSS v3 base score of 6.5 reflects a medium severity, with impacts on confidentiality, integrity, and availability likely being limited but still significant.
Mitigation
The vendor has released a patched version 1.0.13 to resolve the vulnerability [1]. Users are strongly advised to update the Premmerce Redirect Manager plugin to version 1.0.13 or later immediately. For those unable to update, a mitigation rule is available from Patchstack to block attacks until the update can be applied [1]. Since this vulnerability is expected to be exploited in automated campaigns, prompt action is critical to prevent compromise.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
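To apply the version boundary given in the Description and Mitigation sections (affected through 1.0.12, fixed in 1.0.13), the following added example, which is not part of the advisory or the plugin, classifies a WordPress root by reading the plugin's `Version:` header. The function names, the fixture file `sample-main.php` and the default `wp-content/plugins` layout are assumptions.

```python
import re
import tempfile
from pathlib import Path

PLUGIN_SLUG = "premmerce-redirect-manager"  # slug from the CVE description
LAST_AFFECTED = (1, 0, 12)                  # "through <= 1.0.12"
FIRST_FIXED = (1, 0, 13)                    # patched release named under Mitigation
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\d+(?:\.\d+)*)", re.I | re.M)

def parse_version(text):
    """'1.0.12' -> (1, 0, 12); short versions are zero-padded to three parts."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def installed_version(plugin_dir):
    """Read the Version header from whichever top-level PHP file has a plugin header."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_bytes()[:8192].decode("utf-8", "replace")  # WordPress reads 8 KiB
        match = VERSION_RE.search(head)
        if "Plugin Name:" in head and match:
            return parse_version(match.group(1))
    return None

def audit(wp_root):
    """Classify one WordPress root (default wp-content layout assumed)."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / PLUGIN_SLUG
    if not plugin_dir.is_dir():
        return "not-installed"
    version = installed_version(plugin_dir)
    if version is None:
        return "unknown-version"   # header missing or unreadable: check by hand
    if version <= LAST_AFFECTED:
        return "vulnerable"
    # Anything between the two boundaries (e.g. 1.0.12.1) is not covered by the advisory.
    return "patched" if version >= FIRST_FIXED else "review"

def make_sample_site(root, version):
    """Constructed fixture: a fake plugin directory with only a header file."""
    plugin_dir = Path(root) / "wp-content" / "plugins" / PLUGIN_SLUG
    plugin_dir.mkdir(parents=True)
    header = f"<?php\n/**\n * Plugin Name: Sample Header\n * Version: {version}\n */\n"
    (plugin_dir / "sample-main.php").write_text(header)
    return root

if __name__ == "__main__":
    for sample in ("1.0.12", "1.0.13"):
        with tempfile.TemporaryDirectory() as tmp:
            print(sample, audit(make_sample_site(tmp, sample)))
```

A result of `unknown-version` or `review` means the header could not be matched against the advisory's range and the installation should be inspected manually.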
References