What the vulnerability does
01Description
Missing Authorization vulnerability in Rouergue Création Editor Custom Color Palette editor-custom-color-palette allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Editor Custom Color Palette: from n/a through <= 3.5.6.
Explanation of Vulnerability in Simple Terms
02Summary
Editor Custom Color Palette versions 3.5.6 and earlier lack proper access controls, allowing authenticated users with low privileges to read sensitive data they should not access. The vulnerability requires a valid user account but no special interaction. An attacker with basic user permissions can view confidential information stored within the plugin.
What an attacker can do
03Attacker Capabilities
Read sensitive data they should not have access to.
Potential impact on your site
04Site Impact
Unauthorized users can access confidential information stored in the plugin.
Conditions required to exploit
05Prerequisites
Valid user account with low-level privileges; network access to the site.
Key dates
06Disclosure timeline
September 22, 2025
CVE published
April 28, 2026
Record updated