What the vulnerability does
01Description
Missing Authorization vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CMSMasters Content Composer: from n/a through <= 2.5.8.
Explanation of Vulnerability in Simple Terms
02Summary
CMSMasters Content Composer versions up to 2.5.8 lack proper authorization checks, allowing authenticated users with low privileges to read sensitive data and make limited modifications. An attacker with a basic user account can access information and perform actions they should not be permitted to. The vulnerability requires a valid login but no special interaction from the victim.
What an attacker can do
03Attacker Capabilities
Read sensitive data and make limited changes to the site using only a basic user account.
Potential impact on your site
04Site Impact
Any registered user can access confidential information and modify content beyond their intended permissions.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege user account on the site; no victim interaction required.
Key dates
06Disclosure timeline
February 19, 2026
CVE published
April 28, 2026
Record updated