CVE-2026-24386
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-22

Last updated on: 2026-04-28

Assigner: Patchstack

Description
Missing Authorization vulnerability in Element Invader Element Invader – Template Kits for Elementor elementinvader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Invader – Template Kits for Elementor: from n/a through <= 1.2.4.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-22
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-01-22
EPSS Evaluated
2026-06-15
NVD
CVE-2026-24386
EUVD
EUVD-2026-3800
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
elementinvader element_invader_template_kits_for_elementor to 1.2.4 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Broken Access Control issue in the WordPress plugin "Element Invader – Template Kits for Elementor" (up to version 1.2.4). It occurs due to missing authorization, authentication, or nonce token checks in certain functions, which allows unprivileged users (like subscribers or developers) to perform actions that should be restricted to higher-privileged roles. [1]

Impact Analysis

The vulnerability allows users without proper privileges to execute actions reserved for higher-privileged roles, potentially leading to unauthorized changes or access within the plugin. However, it is considered a low severity issue with a CVSS score of 4.3, indicating a low priority and low impact threat. Despite the low risk, it is recommended to update to version 1.2.5 or later to mitigate this risk. [1]

Detection Guidance

Detection involves verifying if the installed version of the Element Invader – Template Kits for Elementor plugin is version 1.2.4 or earlier. Since the vulnerability is due to missing authorization checks, you can check the plugin version via WordPress CLI with the command: `wp plugin list | grep elementinvader`. Additionally, monitoring for unauthorized actions by low-privileged users attempting to perform higher-privileged tasks in the plugin may help detect exploitation attempts. However, no specific detection commands are provided. [1]

Mitigation Strategies

The immediate mitigation step is to update the Element Invader – Template Kits for Elementor plugin to version 1.2.5 or later, where the vulnerability is fixed. Applying this update will restore proper access control and prevent unauthorized actions. Additionally, consider restricting plugin access to trusted users and monitoring user roles to minimize risk until the update is applied. [1]

Compliance Impact

The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24386. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart