What the vulnerability does
01 Description
Missing Authorization vulnerability in CreativeMindsSolutions CM Pop-Up banners cm-pop-up-banners allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CM Pop-Up banners: from n/a through <= 1.8.4.
Explanation of Vulnerability in Simple Terms
02 Summary
CM Pop-Up Banners versions 1.8.4 and earlier lack proper authorization checks, allowing authenticated users to access sensitive information they should not be able to view. An attacker with a low-privilege account can read data intended for higher-privilege users. The vulnerability requires valid login credentials but no additional user interaction.
What an attacker can do
03 Attacker Capabilities
Read sensitive data or information restricted to higher-privilege users.
Potential impact on your site
04 Site Impact
Authenticated users can view restricted information; data confidentiality is at risk.
Conditions required to exploit
05 Prerequisites
Valid login account with low-level privileges; network access to the site.
Key dates
06 Disclosure timeline
July 16, 2025: CVE published
May 13, 2026: Record updated