CVE 5.4 MEDIUM

WordPress DirectoryPress plugin <= 3.6.26 - Broken Access Control vulnerability_CVE-2026-27387

February 20, 2026 invoker category_cve
5.4 / 10
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Description

Missing Authorization vulnerability in designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through <= 3.6.26.

Basic Information

ID CVE-2026-27387
Source Patchstack
Published Feb 19, 2026 at 20:35
Modified Feb 20, 2026 at 17:15

Affected Product

Vendor designinvento
Product DirectoryPress
Version n/a
Affected Versions designinvento DirectoryPress n/a

CWE Classification

CWE-862

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.