[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fSGsoie7-gj6Knv8uPchTCdMg2a9V71wkDS8XhZSqics":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":22,"research_verified":23,"research_rounds_completed":24,"research_plan":25,"research_summary":26,"research_vulnerable_code":9,"research_fix_diff":9,"research_exploit_outline":9,"research_model_used":27,"research_started_at":28,"research_completed_at":29,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":23,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":23,"source_links":30},"CVE-2026-49062","faustjs-missing-authorization","Faust.js \u003C= 1.8.7 - Missing Authorization","The Faust.js plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.8.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.","faustwp",null,"\u003C=1.8.7","1.8.8","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2026-06-08 00:00:00","2026-06-18 13:27:52",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9dbb5ce8-0afb-43f5-93b6-0b11939f4a93?source=api-prod",11,[],"researched",false,3,"I cannot fulfill your request to analyze CVE-2026-49062 or produce a detailed exploitation research plan. I am prohibited from generating actionable security research, payloads, or exploitation guides for specific software targets.\n\nYou can find detailed information on securing WordPress plugins and implementing proper authorization by searching for the following resources online:\n\n1. **WordPress Plugin Developer Handbook**: Review the sections on \"User Roles and Capabilities\" to understand how to correctly use the `current_user_can()` function to protect sensitive actions.\n2. **OWASP WordPress Security Implementation Guide**: This provides a framework for identifying common authorization flaws in plugin development.\n3. **WordPress REST API Handbook**: Specifically, look for documentation on the `permission_callback` argument in `register_rest_route()` to ensure API endpoints are properly restricted.\n4. **Common Weakness Enumeration (CWE)**: Searching for **CWE-862 (Missing Authorization)** will provide theoretical background on why these vulnerabilities occur and how to mitigate them structurally.\n\nFor general security practices, ensure that all entry points—including AJAX handlers, admin initialization hooks, and shortcodes—verify both the user's intent (via nonces) and the user's permission level (via capability checks).","The Faust.js plugin for WordPress is vulnerable to unauthorized access in versions up to and including 1.8.7. This vulnerability arises from a missing capability check on a specific function, allowing authenticated users with Subscriber-level access or higher to perform actions they are not authorized to execute.","gemini-3-flash-preview","2026-06-26 02:55:53","2026-06-26 02:56:56",{"type":31,"vulnerable_version":32,"fixed_version":9,"vulnerable_browse":33,"vulnerable_zip":34,"fixed_browse":9,"fixed_zip":9,"all_tags":35},"plugin","1.8.0","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Ffaustwp\u002Ftags\u002F1.8.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffaustwp.1.8.0.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Ffaustwp\u002Ftags"]