Katalogportal-pdf-sync Widget <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via 'katalogportal_shortcodePrinter' AJAX Action

The Katalogportal PDF Sync plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.0. The katalogportal_popup_shortcode() function is registered as an AJAX handler via wp_ajax_katalogportal_shortcodePrinter but lacks any capability check (current_user_can()) or nonce verification. This allows any authenticated user, including Subscribers, to call the endpoint and retrieve a list of all synchronized PDF attachments (including those attached to private or draft posts) along with their titles, actual filenames, and the katalogportal_userid configuration value. The WP_Query uses post_status => 'any' which returns attachments regardless of the parent post's visibility status.

Back to Feed View Plugin Hub Open CVE Reference

Published

Apr 14, 2026

Last Updated

Apr 14, 2026

Slug

katalogportal-pdf-sync

Risk Profile

5.3 CVSS Score

Weakness

Missing Authorization

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Researchers

Poli

Operational Summary

What the operator needs to know

Share Email

Patch Status

No patched release listed

Remediation

No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/a01e7b21-f3ff-42a8-b78a-ad69973eda01?source=api-prod

Detailed Metadata

Software Type	Plugin
Software Slug	katalogportal-pdf-sync View on wordpress.org
CVE	CVE-2026-3649
Patched Versions	No patched versions published.
Affected Versions	*-1.0.0

Licensing Notices

This record contains material that is subject to copyright

DEFIANT

License: Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy. Read more

MITRE

License: CVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy. Read more