What the vulnerability does
01 Description
Missing Authorization vulnerability in Anh Tran Falcon – WordPress Optimizations & Tweaks falcon allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Falcon – WordPress Optimizations & Tweaks: from n/a through <= 2.8.3.
Explanation of Vulnerability in Simple Terms
02 Summary
The Falcon WordPress plugin versions 2.8.3 and earlier lack proper authorization checks on certain administrative functions. A logged-in user with low privileges can modify site settings or data that should be restricted to administrators. The vulnerability requires an active WordPress account but no special interaction from other users.
What an attacker can do
03 Attacker Capabilities
Modify WordPress settings or data restricted to administrators.
Potential impact on your site
04 Site Impact
Unauthorized users can alter site configuration, potentially affecting site functionality or content integrity.
Conditions required to exploit
05 Prerequisites
Attacker must have a low-privilege WordPress user account (e.g., subscriber or contributor).
Key dates
06 Disclosure timeline
December 16, 2024: CVE published
April 28, 2026: Record updated