What the vulnerability does
01Description
Missing Authorization vulnerability in softpulseinfotech SP Blog Designer sp-blog-designer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SP Blog Designer: from n/a through <= 1.0.0.
Explanation of Vulnerability in Simple Terms
02Summary
SP Blog Designer versions 1.0.0 and earlier lack proper authorization checks, allowing unauthenticated attackers to read and modify limited data through network requests. The vulnerability requires specific conditions to exploit and has low impact on confidentiality and integrity. No authentication is needed, but attack complexity is high.
What an attacker can do
03Attacker Capabilities
Read and modify some data without logging in, but with significant technical constraints.
Potential impact on your site
04Site Impact
Unauthorized users may access or alter limited blog data depending on how the plugin is configured.
Conditions required to exploit
05Prerequisites
Network access to the site; no authentication required, but exploitation requires specific conditions.
Key dates
06Disclosure timeline
March 31, 2025
CVE published
April 28, 2026
Record updated