What the vulnerability does
01Description
Missing Authorization vulnerability in Essential Plugin Featured Post Creative featured-post-creative allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Post Creative: from n/a through <= 1.5.5.
Explanation of Vulnerability in Simple Terms
02Summary
Featured Post Creative versions 1.5.5 and earlier lack proper authorization checks, allowing authenticated users to modify post content they should not have access to. The vulnerability requires a valid user account but does not require administrator privileges. Integrity of published content may be compromised if an attacker modifies posts belonging to other users.
What an attacker can do
03Attacker Capabilities
Modify or alter post content belonging to other users on the site.
Potential impact on your site
04Site Impact
Unauthorized users could alter published posts, potentially spreading misinformation or damaging site credibility.
Conditions required to exploit
05Prerequisites
Attacker must have a valid user account with at least low-level privileges; no special interaction required.
Key dates
06Disclosure timeline
November 21, 2025
CVE published
April 28, 2026
Record updated