Access Control Vulnerability in Directory Pro by e-plugins
CVE-2026-27396
7.3HIGH
What is CVE-2026-27396?
Directory Pro, a directory management plugin by e-plugins, suffers from a missing authorization vulnerability that allows attackers to exploit incorrectly configured access control security levels. This results in unauthorized access to restricted areas. The vulnerability affects Directory Pro versions up to 2.5.6, emphasizing the need for prompt updates to maintain security.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Directory Pro <= n/a
References
CVSS V3.1
Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Phat RiO | Patchstack Bug Bounty Program