WP-CORS Plugin Missing Authorization, Unsecured Data Exposure

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

4.3

WP-CORS Plugin Missing Authorization, Unsecured Data Exposure

CVE-2026-25410

Summary

The WP-CORS plugin has a security bug that could allow unauthorized access to sensitive data. This affects WP-CORS plugin versions up to 0.2.2. To protect your site, update your plugin to the latest version.

Original title

Missing Authorization vulnerability in tstephenson WP-CORS wp-cors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CORS: from n/a through <= 0.2.2.

Original description

Missing Authorization vulnerability in tstephenson WP-CORS wp-cors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CORS: from n/a through <= 0.2.2.

nvd CVSS3.1 4.3

Vulnerability type

CWE-862 Missing Authorization

https://patchstack.com/database/Wordpress/Plugin/wp-cors/vulnerability/wordpress...

Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026