CVE-2026-24566
BaseFortify
Publication date: 2026-01-23
Last updated on: 2026-01-26
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| inet | inet_webkit | to 1.2.4 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-24566 is a Broken Access Control vulnerability in the WordPress iNET Webkit Plugin (versions up to 1.2.4). It occurs due to missing authorization, authentication, or nonce token checks in certain plugin functions, which allows users with contributor or developer privileges to perform actions that should be restricted to higher privilege levels. [1]
How can this vulnerability impact me? :
This vulnerability allows users with at least contributor or developer privileges to perform unauthorized actions reserved for higher privilege levels, potentially leading to unauthorized changes or access within the plugin. However, the impact is considered low priority and exploitation is unlikely. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking for unauthorized access attempts or actions performed without proper authorization in the iNET Webkit Plugin up to version 1.2.4. Since the issue is due to missing authorization checks allowing unprivileged users to perform privileged actions, monitoring logs for unusual privilege escalations or access patterns related to the plugin is recommended. Specific commands are not provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the iNET Webkit Plugin to trusted users only, monitoring for suspicious activity, and applying any available security controls to limit contributor or developer level access. Since no official fix or patched version is currently available, using Patchstack's mitigation and security intelligence services is recommended to address the vulnerability promptly. [1]