What the vulnerability does
01Description
Missing Authorization vulnerability in pluginoptimizer Plugin Optimizer plugin-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin Optimizer: from n/a through <= 1.3.7.
Explanation of Vulnerability in Simple Terms
02Summary
Plugin Optimizer versions up to 1.3.7 lack proper authorization checks, allowing authenticated users to modify site settings and cause service disruptions. An attacker with low-level access can alter plugin configurations or disable critical functionality without proper permission validation. The vulnerability requires a valid user account but no special privileges.
What an attacker can do
03Attacker Capabilities
Modify plugin settings and disable functionality, causing site downtime or malfunction.
Potential impact on your site
04Site Impact
Any authenticated user can disrupt your site by changing plugin settings or disabling critical features.
Conditions required to exploit
05Prerequisites
Attacker must have a valid user account with low-level access to the site.
Key dates
06Disclosure timeline
December 29, 2025
CVE published
April 28, 2026
Record updated