WordPress Plugin Vulnerabilities

PDF Poster < 2.4.1 - Missing Authorization

Description

The PDF Poster plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.4.0. This makes it possible for authenticated attackers, with contributor-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
pdf-poster
Fixed in 2.4.1

References

CVE
CVE-2026-32416
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/66988357-af1a-4763-b814-9092b86e51ef

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Nabil Irawan
Verified
No
WPVDB ID
8dbfaf50-1bd7-45fe-8c1d-1536bea5ed94

Timeline

Publicly Published
2026-02-25 (about 2 months ago)
Added
2026-04-15 (about 27 days ago)
Last Updated
2026-04-15 (about 27 days ago)

Other

Published
Title
Published
2025-10-24
Title
MDTF < 1.3.4 - Missing Authorization
Published
2025-04-03
Title
Uncanny Automator < 6.4.0 - Subscriber+ Privilege Escalation
Published
2025-10-11
Title
Togo < 1.0.4 - Missing Authorization
Published
2025-10-30
Title
Accessibility Toolkit by WebYes < 2.0.5 - Missing Authorization
Published
2026-03-26
Title
Seriously Simple Podcasting < 3.14.3 - Missing Authorization