CVE-2026-32562

MEDIUM EXPLOITED

WordPress PPWP plugin <= 1.9.15 - Broken Access Control vulnerability

Title source: cna

Exploitation Summary

CVE-2026-32562 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

Missing Authorization vulnerability in WP Folio Team PPWP password-protect-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PPWP: from n/a through <= 1.9.15.

References (1)

Core 1

Core References

Vdb Entry vdb-entry

https://patchstack.com/database/Wordpress/Plugin/password-protect-page/vulnerability/wordpress-ppwp-plugin-1-9-15-broken-access-control-vulnerability?_s_id=cve

Scores

CVSS v3 5.4

EPSS 0.0013

EPSS Percentile 3.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

VulnCheck KEV 2026-03-23

CWE

CWE-862

Status published

Products (1)

WP Folio Team/PPWP < <= 1.9.15

Published Mar 25, 2026

Tracked Since Mar 25, 2026