What the vulnerability does
01 Description
Missing Authorization vulnerability in Zapier Zapier for WordPress zapier allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zapier for WordPress: from n/a through <= 1.5.2.
Explanation of Vulnerability in Simple Terms
02 Summary
The Zapier for WordPress plugin through version 1.5.2 does not properly check user permissions before allowing access to certain functions. A logged-in user with low privileges can read or modify data they should not have access to. Update the plugin to a version newer than 1.5.2.
What an attacker can do
03 Attacker Capabilities
Read or modify data without proper authorization as a low-privilege logged-in user.
Potential impact on your site
04 Site Impact
Unauthorized users can access or change sensitive plugin data; site data integrity is at risk.
Conditions required to exploit
05 Prerequisites
Attacker must have a low-privilege WordPress account (e.g., subscriber or contributor).
Key dates
06 Disclosure timeline
June 20, 2025
CVE published
April 28, 2026
Record updated