Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.4
DirectoryPress: Unauthorized Access to Sensitive Data
CVE-2026-27387
Summary
A security issue in DirectoryPress could allow an attacker to access sensitive data or features they shouldn't be able to access. This affects DirectoryPress versions up to 3.6.26, so update to a newer version to fix the issue. Update to a version higher than 3.6.26 to ensure your site's security.
Original title
Missing Authorization vulnerability in designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/...
Original description
Missing Authorization vulnerability in designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through <= 3.6.26.
nvd CVSS3.1
5.4
Vulnerability type
CWE-862
Missing Authorization
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026