CVE-2026-32565
WordPress Contextual Related Posts plugin < 4.2.2 - Broken Access Control vulnerabilityMissing Authorization vulnerability in Ajay Contextual Related Posts contextual-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contextual Related Posts: from n/a through < 4.2.2.
We have discovered 12,632 live websites that are affected by CVE-2026-32565.
Affected Software
| Product |  Contextual Related Posts |
| Category | Wordpress Plugins |
| Vulnerable Domains | 12,632 live websites (100% of Contextual Related Posts install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 25 versions ( 96% of all versions) |
Details
- Published - Mar 18, 2026
- Updated - Apr 29, 2026
Credits
- Nguyen Ba Khanh | Patchstack Bug Bounty Program (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2026-32565 United States | 4,539 websites |
 Germany | 1,336 websites |
 Russia | 1,090 websites |
 France | 1,007 websites |
 Italy | 394 websites |
 Sweden | 351 websites |
 GB | 313 websites |
 Spain | 293 websites |
 Poland | 279 websites |
 Cyprus | 210 websites |
Website Distribution by TLD
Number of websites using CVE-2026-32565| .com | 5,591 websites |
| .ru | 1,045 websites |
| .de | 742 websites |
| .org | 577 websites |
| .net | 521 websites |
| .fr | 449 websites |
| .it | 327 websites |
| .se | 285 websites |
| .pl | 204 websites |
| .es | 197 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2026-32565
Top websites that are affected by CVE-2026-32565. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **********.org | United States | *** | |
| *****.com | Spain | *,*** | |
| *********.pk |  Pakistan | *,*** | |
| ***************.com | United States | **,*** | |
| ********.******.com | United States | **,*** | |
| ************.nl |  Netherlands | **,*** | |
| *******.***.***.br |  Brazil | **,*** | |
| ******.edu | United States | **,*** | |
| ************.app | GB | **,*** | |
| *********************.com | United States | **,*** |
FAQ
A total of 12,632 websites have been identified as vulnerable to CVE-2026-32565, based on global website indexing conducted by WebTechSurvey.
The Contextual Related Posts is affected by the CVE-2026-32565 vulnerability.
Contextual Related Posts versions up to and including 4.2.2 are vulnerable to CVE-2026-32565.