What the vulnerability does
01Description
Missing Authorization vulnerability in solwininfotech Blog Designer blog-designer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Blog Designer: from n/a through <= 3.1.8.
Explanation of Vulnerability in Simple Terms
02Summary
Blog Designer through version 3.1.8 fails to properly check user permissions before allowing modifications to blog content and settings. A logged-in user with low privileges can alter or disable blogs they should not have access to. The vulnerability requires an active user account but no special interaction from victims.
What an attacker can do
03Attacker Capabilities
Modify or disable blogs belonging to other users without proper authorization.
Potential impact on your site
04Site Impact
Unauthorized users can alter or disable blog content and settings, disrupting site operations and data integrity.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege user account on the site.
Key dates
06Disclosure timeline
September 22, 2025
CVE published
April 28, 2026
Record updated