CVE-2026-24561
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-23

Last updated on: 2026-04-28

Assigner: Patchstack

Description
Missing Authorization vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentBoards: from n/a through <= 1.91.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-23
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-01-23
EPSS Evaluated
2026-06-15
NVD
CVE-2026-24561
EUVD
EUVD-2026-4239
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mahmudul_hasan_arif fluent_boards to 1.91.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-24561 is a Broken Access Control vulnerability in the WordPress FluentBoards plugin (versions up to 1.91.1). It occurs due to missing authorization, authentication, or nonce token checks in certain functions, which may allow users with subscriber-level privileges to perform actions that should be restricted to higher-privileged roles. [1]

Impact Analysis

This vulnerability could allow an attacker with subscriber-level access to perform unauthorized actions within the FluentBoards plugin, potentially leading to privilege escalation or unauthorized modifications. However, the severity is considered low with a CVSS score of 5.4, and exploitation is considered unlikely. [1]

Detection Guidance

Detection of this vulnerability involves checking for unauthorized access attempts or actions performed by subscriber-level users that should require higher privileges. Since the issue is due to missing authorization checks in certain functions of the FluentBoards plugin, monitoring logs for unusual activity or privilege escalation attempts related to FluentBoards is recommended. Specific commands are not provided in the available resources. [1]

Mitigation Strategies

Immediate mitigation steps include restricting subscriber-level privileges as much as possible, monitoring for suspicious activity, and applying any available security intelligence or mitigations provided by Patchstack. Since no official fix or patched version is currently available, applying strict access controls and monitoring is advised. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24561. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart