Executive Summary

CVE-2026-24615 is a broken access control vulnerability in the WordPress Cream Magazine Theme (versions up to 2.1.10). It occurs due to missing authorization, authentication, or nonce token checks in certain functions, allowing unauthenticated users to perform actions that should require higher privileges. [1]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows unauthorized users to perform privileged actions, potentially compromising the security and integrity of a website using the vulnerable Cream Magazine theme. Since no official fix is available and the theme is unlikely to be updated, the risk remains unless the theme is removed or mitigated by Patchstack rules. [1]

Useful 0 Not Useful 0

Detection Guidance

Detection of this vulnerability involves identifying if the WordPress site is using the Cream Magazine theme version 2.1.10 or earlier. Since the issue is due to missing authorization checks allowing unauthenticated users to perform privileged actions, monitoring for unauthorized access attempts or unusual activity related to theme functions could help. However, no specific detection commands or tools are provided in the available resources. [1]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include removing and replacing the vulnerable Cream Magazine theme (version 2.1.10 or earlier) with a secure alternative. Simply deactivating the theme does not eliminate the risk unless a specific mitigation rule from Patchstack is applied. Since no official fix or patch is available and the theme is unlikely to be updated, replacing the theme is the recommended solution. [1]

Useful 0 Not Useful 0

Compliance Impact

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Useful 0 Not Useful 0