CVE-2026-24556
BaseFortify
Publication date: 2026-01-23
Last updated on: 2026-04-28
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | elementcamp | to 2.3.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-24556 is a Broken Access Control vulnerability in the WordPress ElementCamp Plugin (versions up to 2.3.2). It occurs due to missing authorization checks, allowing unauthenticated users to perform actions that should be restricted to higher-privileged users. This means that anyone, even without logging in, can exploit this flaw to access or manipulate features they shouldn't be able to. [1]
How can this vulnerability impact me? :
This vulnerability allows unauthenticated users to perform privileged actions, potentially leading to unauthorized access or changes within the affected WordPress site. However, it is considered low severity with a CVSS score of 5.3 and is unlikely to be exploited. There is currently no official fix or patch available, so the risk remains until mitigations are applied or a patch is released. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the WordPress site is running the ElementCamp plugin version 2.3.2 or earlier. Since it is a broken access control issue allowing unauthenticated users to perform privileged actions, monitoring unauthorized access attempts or unusual activity related to ElementCamp plugin endpoints may help detect exploitation attempts. Specific commands are not provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the ElementCamp plugin functionalities by implementing additional access control measures at the web server or application level, such as IP whitelisting or authentication enforcement. Since no official patch or fix is available, consider disabling the plugin until a fix is released or applying custom security rules to block unauthenticated requests targeting the plugin. [1]