CVE-2026-24615
BaseFortify
Publication date: 2026-01-23
Last updated on: 2026-04-28
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| themebeez | cream_magazine | to 2.1.10 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-24615 is a broken access control vulnerability in the WordPress Cream Magazine Theme (versions up to 2.1.10). It occurs due to missing authorization, authentication, or nonce token checks in certain functions, allowing unauthenticated users to perform actions that should require higher privileges. [1]
How can this vulnerability impact me? :
This vulnerability allows unauthorized users to perform privileged actions, potentially compromising the security and integrity of a website using the vulnerable Cream Magazine theme. Since no official fix is available and the theme is unlikely to be updated, the risk remains unless the theme is removed or mitigated by Patchstack rules. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying if the WordPress site is using the Cream Magazine theme version 2.1.10 or earlier. Since the issue is due to missing authorization checks allowing unauthenticated users to perform privileged actions, monitoring for unauthorized access attempts or unusual activity related to theme functions could help. However, no specific detection commands or tools are provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing and replacing the vulnerable Cream Magazine theme (version 2.1.10 or earlier) with a secure alternative. Simply deactivating the theme does not eliminate the risk unless a specific mitigation rule from Patchstack is applied. Since no official fix or patch is available and the theme is unlikely to be updated, replacing the theme is the recommended solution. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.