What the vulnerability does
01 Description
Missing Authorization vulnerability in Ronald Huereca Highlight and Share (highlight-and-share) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Highlight and Share: from n/a through <= 5.2.0.
Explanation of Vulnerability in Simple Terms
02 Summary
Highlight and Share versions up to 5.2.0 lack proper authorization checks, allowing an attacker to perform unauthorized actions. The vulnerability requires user interaction and network access but does not require authentication. An attacker can exploit this by tricking a user into visiting a malicious link, potentially affecting the confidentiality and integrity of site data.
What an attacker can do
03 Attacker Capabilities
Perform unauthorized actions and access or modify site data without proper permission.
Potential impact on your site
04 Site Impact
Unauthorized users may read or modify site content or settings if a visitor is tricked into clicking a link.
Conditions required to exploit
05 Prerequisites
User must click a malicious link or visit an attacker-controlled page; no authentication required.
Key dates
06 Disclosure timeline
December 9, 2025: CVE published
April 28, 2026: Record updated