CVE-2026-32587
WordPress WP EasyPay plugin <= 4.2.11 - Broken Access Control vulnerabilityMissing Authorization vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP EasyPay: from n/a through <= 4.2.11.
We have discovered 332 live websites that are affected by CVE-2026-32587.
Affected Software
| Product |  Wp Easy Pay |
| Category | Wordpress Plugins |
| Vulnerable Domains | 332 live websites (95% of Wp Easy Pay install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 2 versions ( 67% of all versions) |
Details
- Published - Mar 16, 2026
- Updated - Apr 1, 2026
Credits
- Nabil Irawan | Patchstack Bug Bounty Program (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2026-32587 United States | 286 websites |
 Canada | 17 websites |
 Australia | 10 websites |
 GB | 4 websites |
 Singapore | 3 websites |
 Cyprus | 2 websites |
 France | 2 websites |
 Bulgaria | 1 websites |
 Ireland | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2026-32587| .com | 190 websites |
| .org | 101 websites |
| .ca | 9 websites |
| .net | 8 websites |
| .com.au | 7 websites |
| .co.uk | 4 websites |
| .info | 2 websites |
| .it | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2026-32587
Top websites that are affected by CVE-2026-32587. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.com | United States | ***,*** | |
| ******************.org | United States | ***,*** | |
| ********.org | United States | ***,*** | |
| ***************.info | United States | *,***,*** | |
| ************.org | United States | *,***,*** | |
| ************.org | Bulgaria | *,***,*** | |
| **********.org | United States | *,***,*** | |
| ********.school | United States | *,***,*** | |
| *******************.com | United States | *,***,*** | |
| ************.com |  Japan | *,***,*** |
FAQ
A total of 332 websites have been identified as vulnerable to CVE-2026-32587, based on global website indexing conducted by WebTechSurvey.
The Wp Easy Pay is affected by the CVE-2026-32587 vulnerability.
Wp Easy Pay versions up to and including 4.2.11 are vulnerable to CVE-2026-32587.