The WP Sessions Time Monitoring Full Automatic plugin for WordPress, versions up to 1.1.3, suffers from a missing authorization vulnerability (CVE-2026-32362). This flaw arises from incorrectly configured access control, allowing unauthorized users to perform actions that should require authorization. The vulnerability does not impact confidentiality or availability but can lead to integrity loss due to unauthorized modifications. The CVSS 3.1 base score is 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). No patch or official remediation information is currently available.

Exploitation of this vulnerability could allow an unauthenticated attacker to modify data within the affected plugin, impacting data integrity. There is no impact on confidentiality or availability reported. No known exploits have been observed in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, consider restricting access to the plugin's functionality or disabling it if feasible to reduce risk.