CVE-2026-24568
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-23

Last updated on: 2026-04-28

Assigner: Patchstack

Description
Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through <= 11.1.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-23
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-01-23
EPSS Evaluated
2026-06-15
NVD
CVE-2026-24568
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wp_travel wp_travel to 11.0.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability could allow unauthorized users to perform actions reserved for privileged users within the WP Travel plugin, potentially leading to unauthorized changes or access. However, the severity is rated low (CVSS 5.3), and exploitation is considered unlikely. [1]

Executive Summary

CVE-2026-24568 is a broken access control vulnerability in the WordPress WP Travel Plugin (versions up to 11.0.0). It occurs due to missing authorization, authentication, or nonce token checks in certain plugin functions, which could allow unauthenticated users to perform actions that should be restricted to higher-privileged users. [1]

Detection Guidance

Detection of this vulnerability involves checking for unauthorized access attempts or actions performed without proper authorization in the WP Travel plugin. Since the issue is due to missing authorization checks in certain plugin functions, monitoring web server logs for suspicious requests targeting WP Travel endpoints may help. However, no specific detection commands or tools are provided. Using a web application firewall (WAF) or security platform that can detect broken access control attempts might assist in identifying exploitation attempts. [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the WP Travel plugin functions by implementing additional access control measures at the web server or application level. Since no official fix or patched version is available, using a security platform like Patchstack's to apply virtual patches or mitigation rules is recommended. Additionally, monitoring and limiting user privileges and disabling or restricting the plugin if possible until a fix is released can reduce risk. [1]

Compliance Impact

The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24568. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart