What the vulnerability does
01Description
Missing Authorization vulnerability in Proxy & VPN Blocker Proxy & VPN Blocker proxy-vpn-blocker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Proxy & VPN Blocker: from n/a through <= 3.5.3.
Explanation of Vulnerability in Simple Terms
02Summary
Proxy & VPN Blocker versions 3.5.3 and earlier lack proper authorization checks, allowing authenticated users to modify settings or data they should not access. An attacker with a low-privilege account can change configuration without proper permission validation. This affects the integrity of the blocker's rules and settings. Update to a version newer than 3.5.3.
What an attacker can do
03Attacker Capabilities
Modify blocker settings or data without proper authorization as a low-privilege user.
Potential impact on your site
04Site Impact
Unauthorized users can alter proxy/VPN blocking rules, potentially disabling protections or changing site behavior.
Conditions required to exploit
05Prerequisites
Attacker must have a valid low-privilege account on the site.
Key dates
06Disclosure timeline
January 6, 2026
CVE published
April 28, 2026
Record updated