Missing Authorization Vulnerability in Bowo Admin and Site Enhancements Plugin
CVE-2026-32423

5.4MEDIUM

Key Information:

Vendor

WordPress

Vendor
CVE Published:
13 March 2026

What is CVE-2026-32423?

A missing authorization vulnerability exists in the Bowo Admin and Site Enhancements (ASE) plugin, allowing attackers to exploit incorrectly configured access control security levels. This issue affects all versions up to and including 8.4.0, potentially compromising admin-level access to the site's functionalities and sensitive data. Site administrators should take immediate action by updating the plugin to safeguard their installations against unauthorized access.

Affected Version(s)

Admin and Site Enhancements (ASE) 0 <= 8.4.0

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jakub Herman | Patchstack Bug Bounty Program
.