CVE-2026-42677: WordPress WP Document Revisions plugin <= 3.8.1 - Broken Access Control vulnerability

Synopsis

This is a broken access control vulnerability in the WP Document Revisions WordPress plugin, versions up to and including 3.8.1. The flaw is reachable over the network without any authentication, meaning an unauthenticated remote attacker can send crafted requests to exploit misconfigured authorization checks. Successful exploitation allows an attacker to read documents and revisions that should be restricted, disclosing confidential content. A patched-image rebuild at version 4.0.0 is available on HarborGuard for environments running an affected version of this plugin.

HarborGuard Coverage

Exploit Conditions

• Network reachabilityRequired

  The vulnerable endpoint is exposed over the network, so the attacker must be able to reach the WordPress service via HTTP/HTTPS from a remote location.

• AuthenticationNot required

  No account or session credentials are needed; the authorization check is entirely absent for the affected requests.

• Victim interactionNot required

  The attack is fully server-side and does not require any action from a logged-in user or site visitor.

• Attack complexityDetail

  Exploitation is reliable and condition-free, requiring no race conditions, special memory layout, or environmental setup beyond network access to the target.

Blast Radius

• An attacker reads documents and document revisions stored in WordPress that are intended to be access-controlled, including any confidential files uploaded through the plugin.
• No write or delete capability is conferred by this vulnerability; data integrity and availability are unaffected.
• Exposed documents may include internal drafts, legal files, or other sensitive content depending on how the site uses the plugin.
• If documents contain credentials or personal data, downstream account compromise or compliance violations are a direct consequence of disclosure.