CVE-2026-22459
Awaiting Analysis - Queue
Missing Authorization in Blend Media WordPress CTA

Publication date: 2026-03-05

Last updated on: 2026-04-28

Assigner: Patchstack

Description
Missing Authorization vulnerability in Blend Media WordPress CTA easy-sticky-sidebar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress CTA: from n/a through <= 2.1.2.
Meta Information
Published: 2026-03-05
Last Modified: 2026-04-28
Generated: 2026-06-16
AI Q&A: 2026-03-05
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
blend_media | easy_sticky_sidebar | From 1.0.0 (inc) to 1.7.4 (inc)
CWE ID | Description
CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Executive Summary

CVE-2026-22459 is a medium severity Broken Access Control vulnerability in the WordPress CTA Plugin (easy-sticky-sidebar) versions up to and including 1.7.4.

The issue is caused by missing authorization, authentication, or nonce token checks within certain plugin functions. This allows unauthenticated users to perform actions that should be restricted to higher privileged users.

It is classified under the OWASP Top 10 category A1: Broken Access Control.

Impact Analysis

This vulnerability allows unauthenticated attackers to bypass access controls and perform privileged actions on a website using the affected WordPress CTA Plugin.

Because no authentication is required to exploit this flaw, attackers can potentially manipulate or control parts of the website without permission.

This can lead to unauthorized changes, data exposure, or other malicious activities depending on what actions the plugin controls.

The vulnerability has a CVSS score of 6.5, indicating a moderate risk and a reasonable likelihood of exploitation.

Detection Guidance

There is no specific information provided about detection commands or methods to identify this vulnerability on your network or system.

Mitigation Strategies

To mitigate this vulnerability, users are advised to apply the mitigation rule provided by Patchstack that can block attacks targeting this flaw until an official patch becomes available.

Since no official patch has been released as of the publication date, applying this mitigation promptly is recommended to secure affected WordPress CTA Plugin installations.
