What the vulnerability does
01 Description
Missing Authorization vulnerability in AndonDesign UDesign Core u-design-core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects UDesign Core: from n/a through <= 4.14.0.
Explanation of Vulnerability in Simple Terms
02 Summary
UDesign Core versions up to 4.14.0 lack proper authorization checks on certain functions. An attacker with low-level user access can read, modify, or delete data without proper permission validation. The vulnerability affects confidentiality, integrity, and availability of site data. Update to a version newer than 4.14.0.
What an attacker can do
03 Attacker Capabilities
Read, modify, or delete data they should not have access to.
Potential impact on your site
04 Site Impact
Unauthorized users can access, change, or remove sensitive site data and content.
Conditions required to exploit
05 Prerequisites
Attacker must have a low-level user account on the site.
Key dates
06 Disclosure timeline
October 22, 2025: CVE published
April 28, 2026: Record updated