What the vulnerability does
01Description
Missing Authorization vulnerability in anibalwainstein Effect Maker effect-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Effect Maker: from n/a through <= 1.2.1.
Explanation of Vulnerability in Simple Terms
02Summary
Effect Maker versions up to 1.2.1 lack proper authorization checks, allowing authenticated users to modify content they should not have access to. An attacker with a low-privilege account can change data integrity without needing special interaction. The vulnerability affects the application's ability to enforce role-based access controls.
What an attacker can do
03Attacker Capabilities
Modify or alter data in the application without proper authorization.
Potential impact on your site
04Site Impact
Unauthorized users can alter application data, compromising content integrity and trust.
Conditions required to exploit
05Prerequisites
Attacker must have a valid low-privilege user account on the system.
Key dates
06Disclosure timeline
November 6, 2025
CVE published
April 28, 2026
Record updated