What the vulnerability does
01 Description
Missing Authorization vulnerability in Frank P. Walentynowicz FPW Category Thumbnails (fpw-category-thumbnails) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FPW Category Thumbnails: from n/a through <= 1.9.5.
Explanation of Vulnerability in Simple Terms
02 Summary
FPW Category Thumbnails versions 1.9.5 and earlier lack proper authorization checks, allowing authenticated users with low privileges to read, modify, or delete data they should not access. The vulnerability requires a valid user account but no special permissions. Site administrators should update to a version newer than 1.9.5 to restrict unauthorized data access.
What an attacker can do
03 Attacker Capabilities
Read, modify, or delete data without proper authorization as a low-privilege authenticated user.
Potential impact on your site
04 Site Impact
Authenticated users can access or alter sensitive data beyond their intended permissions, risking data integrity and confidentiality.
Conditions required to exploit
05 Prerequisites
Attacker must have a valid user account with low privileges on the site.
Key dates
06 Disclosure timeline
April 3, 2025
CVE published
April 28, 2026
Record updated