Broken Access Control in Another WordPress Classifieds Plugin by Strategy11 Team
CVE-2026-42726

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: AWP Classifieds
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-42726?

A missing authorization vulnerability in the Another WordPress Classifieds Plugin by Strategy11 Team allows attackers to exploit incorrectly configured access control security levels. This issue affects versions of the plugin from n/a up to and including 4.4.5. When the access controls are not properly enforced, unauthorized users can potentially gain access to sensitive functions and data, leading to security breaches.

Affected Version(s)

AWP Classifieds 0 <= 4.4.5

References

https://patchstack.com/database/Wordpress/Plugin/another-...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
Apr 29, 2026

Credit

she11f | Patchstack Bug Bounty Program

CVE-2026-42726 Data

JSON