CVE-2026-24386
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-04-28
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| elementinvader | element_invader_template_kits_for_elementor | to 1.2.4 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Broken Access Control issue in the WordPress plugin "Element Invader β Template Kits for Elementor" (up to version 1.2.4). It occurs due to missing authorization, authentication, or nonce token checks in certain functions, which allows unprivileged users (like subscribers or developers) to perform actions that should be restricted to higher-privileged roles. [1]
How can this vulnerability impact me? :
The vulnerability allows users without proper privileges to execute actions reserved for higher-privileged roles, potentially leading to unauthorized changes or access within the plugin. However, it is considered a low severity issue with a CVSS score of 4.3, indicating a low priority and low impact threat. Despite the low risk, it is recommended to update to version 1.2.5 or later to mitigate this risk. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves verifying if the installed version of the Element Invader β Template Kits for Elementor plugin is version 1.2.4 or earlier. Since the vulnerability is due to missing authorization checks, you can check the plugin version via WordPress CLI with the command: `wp plugin list | grep elementinvader`. Additionally, monitoring for unauthorized actions by low-privileged users attempting to perform higher-privileged tasks in the plugin may help detect exploitation attempts. However, no specific detection commands are provided. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the Element Invader β Template Kits for Elementor plugin to version 1.2.5 or later, where the vulnerability is fixed. Applying this update will restore proper access control and prevent unauthorized actions. Additionally, consider restricting plugin access to trusted users and monitoring user roles to minimize risk until the update is applied. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.