CVE-2026-24607
BaseFortify
Publication date: 2026-01-23
Last updated on: 2026-04-28
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | travel_monster | to 1.3.3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-24607 is a Broken Access Control vulnerability in the WordPress Travel Monster Theme (versions up to 1.3.3). It occurs due to missing authorization, authentication, or nonce token checks in certain functions, which allows unauthenticated users to perform actions that normally require higher privileges. [1]
How can this vulnerability impact me? :
This vulnerability could allow unauthorized users to perform privileged actions on a website using the Travel Monster Theme, potentially compromising site security. However, the CVSS severity score is 5.3, indicating a low priority and low impact threat, and exploitation is considered unlikely. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves missing authorization checks in the WordPress Travel Monster Theme up to version 1.3.3, allowing unauthenticated users to perform privileged actions. Detection would involve reviewing access logs for unauthorized access attempts or unusual activity related to the Travel Monster theme functions. However, no specific detection commands or tools are provided. Monitoring for unauthorized access or using security plugins that detect broken access control issues may help. [1]
What immediate steps should I take to mitigate this vulnerability?
Since no official fix or patched version is currently available, immediate mitigation steps include applying any recommended workarounds or mitigation solutions offered by Patchstack, restricting access to the affected theme functions, and monitoring for suspicious activity. Additionally, consider disabling or removing the Travel Monster theme if it is not essential, or applying custom access control measures to prevent unauthorized actions. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how this Broken Access Control vulnerability in the Travel Monster theme affects compliance with common standards and regulations such as GDPR or HIPAA.