CVE-2026-24563
BaseFortify
Publication date: 2026-01-23
Last updated on: 2026-04-28
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | lifepress | to 2.1.3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Broken Access Control issue in the WordPress LifePress Plugin (versions up to 2.1.3). It occurs due to missing authorization, authentication, or nonce token checks in certain functions, which can allow users with only subscriber-level privileges to perform actions that should be restricted to higher-privileged roles. [1]
How can this vulnerability impact me? :
The impact of this vulnerability is considered low severity with a CVSS score of 4.3. It could allow unprivileged users to perform unauthorized actions within the LifePress plugin, potentially leading to misuse of plugin functionality. However, exploitation is unlikely and no direct patch is currently available, so users should monitor for updates or mitigations. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific detection commands or network indicators provided for this vulnerability. Since it involves missing authorization checks within the WordPress LifePress plugin (up to version 2.1.3), detection would typically involve reviewing plugin usage and access logs for unauthorized actions performed by subscriber-level users. However, no explicit commands or detection methods are detailed in the provided resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include monitoring for updates or mitigations from the plugin developer or security services, restricting subscriber-level privileges where possible, and carefully auditing user actions within the LifePress plugin. Since no official fix or patched version is currently available, users should apply strict access controls and consider disabling or replacing the plugin until a patch is released. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.