WP Terms Popup – Terms and Conditions and Privacy Policy WordPress Popups < 2.11.0 – Missing Authorization | CVE 2026-32495 | Plugin Vulnerabilities

Description

The WP Terms Popup – Terms and Conditions and Privacy Policy WordPress Popups plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.10.0. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Fixed in 2.11.0

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/62c80ca5-9007-4916-b4e8-a436dc1cfaf2

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Nabil Irawan

Verified

No

WPVDB ID

b0f35c6f-09f3-4cc2-ae90-1b5f32f36906

Timeline

Publicly Published

2026-03-20 (about 2 months ago)

Added

2026-03-27 (about 2 months ago)

Last Updated

2026-03-27 (about 2 months ago)

Other

Published

Title

Published

2025-04-11

Title

WooCommerce Loyal Customers <= 2.6 - Missing Authorization

Published

2026-02-13

Title

Easy Form Builder < 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Response Data Exposure

Published

2023-01-05

Title

Social Warfare < 4.3.1 - Subscriber+ Post Meta Deletion

Published

2025-10-16

Title

Acknowledgify < 1.1.4 - Missing Authorization

Published

2024-08-09

Title

Persian WooCommerce < 9.0.0 - Missing Authorization