What the vulnerability does
01 Description
Missing Authorization vulnerability in GhostPool Aardvark Plugin aardvark-plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Aardvark Plugin: from n/a through <= 2.19.
Explanation of Vulnerability in Simple Terms
02 Summary
The Aardvark Plugin for GhostPool, versions 2.19 and earlier, lacks proper authorization checks, allowing unauthenticated attackers to modify data or settings through network requests. No user interaction is required. The vulnerability affects the integrity of the plugin's functionality but does not expose sensitive information or cause service disruption.
What an attacker can do
03 Attacker Capabilities
Modify plugin data or settings without authentication.
Potential impact on your site
04 Site Impact
Attackers can alter plugin configuration or data, potentially disrupting site functionality or exposing the site to further compromise.
Conditions required to exploit
05 Prerequisites
Network access to the site; no authentication or user interaction required.
Key dates
06 Disclosure timeline
February 20, 2026: CVE published
April 28, 2026: Record updated