CVE-2026-25330

🗓️ 19 Feb 2026 08:26:56Reported by PatchstackType

WordPress PublishPress Authors plugin suffers broken access and missing authorization up to 4.10.1.

Reporter	Title	Published	Views	Family All 8
ATTACKERKB	CVE-2026-25330	19 Feb 202608:26	–	attackerkb
CNNVD	WordPress plugin PublishPress Authors 安全漏洞	19 Feb 202600:00	–	cnnvd
Cvelist	CVE-2026-25330 WordPress PublishPress Authors plugin <= 4.10.1 - Broken Access Control vulnerability	19 Feb 202608:26	–	cvelist
NVD	CVE-2026-25330	19 Feb 202609:16	–	nvd
Patchstack	WordPress PublishPress Authors plugin <= 4.10.1 - Broken Access Control vulnerability	6 Feb 202607:21	–	patchstack
Positive Technologies	PT-2026-20698	19 Feb 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-25330	20 Feb 202613:27	–	redhatcve
Vulnrichment	CVE-2026-25330 WordPress PublishPress Authors plugin <= 4.10.1 - Broken Access Control vulnerability	19 Feb 202608:26	–	vulnrichment

Vulners

Node

publishpress publishpress_authorsRange≤4.10.1wordpress

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "publishpress-authors",
    "product": "PublishPress Authors",
    "vendor": "PublishPress",
    "versions": [
      {
        "changes": [
          {
            "at": "4.11.0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "4.10.1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/Wordpress/Plugin/publishpress-authors/vulnerability/wordpress-publishpress-authors-plugin-4-10-1-broken-access-control-vulnerability

28 Apr 2026 16:14Current

5.4Medium risk

Vulners AI Score5.4

CVSS 3.14.3

EPSS0.00039

SSVC

CWE-862