CVE-2026-24567
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-23

Last updated on: 2026-04-28

Assigner: Patchstack

Description
Missing Authorization vulnerability in briarinc Anything Order by Terms anything-order-by-terms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Anything Order by Terms: from n/a through <= 1.4.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-23
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-01-23
EPSS Evaluated
2026-06-15
NVD
CVE-2026-24567
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
briarinc anything_order_by_terms From 1.0.0 (inc) to 1.4.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-24567 is a Broken Access Control vulnerability in the WordPress plugin "Anything Order by Terms" up to version 1.4.0. It occurs due to missing authorization, authentication, or nonce token checks in certain functions, which allows unprivileged users (like contributors or developers) to perform actions that normally require higher privileges. [1]

Impact Analysis

This vulnerability can allow users without sufficient privileges to perform unauthorized actions within the plugin, potentially leading to unintended changes or access to restricted functionality. However, it is considered low severity with a CVSS score of 4.3 and is unlikely to be exploited. [1]

Detection Guidance

There are no specific detection commands or network/system detection methods provided for this vulnerability. Detection would likely involve reviewing the plugin's access control configurations and monitoring for unauthorized actions by unprivileged users, but no explicit commands or tools are mentioned. [1]

Mitigation Strategies

Immediate mitigation steps include restricting user roles to prevent unprivileged users from accessing sensitive functions in the plugin. Since no official fix or patched version is available, using Patchstack's offered mitigation services to protect affected installations is recommended. [1]

Compliance Impact

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24567. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart