SiteLock SiteLock Security CVE-2026-24532
MEDIUMSeverity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
4DescriptionCVE.org
Missing Authorization vulnerability in SiteLock SiteLock Security - WP Hardening, Login Security & Malware Scans allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security - WP Hardening, Login Security & Malware Scans: from n/a through 5.0.2.
AnalysisAI
Incorrect access control in SiteLock Security plugin versions up to 5.0.2 for WordPress allows authenticated users to modify content they should not have permission to access. An attacker with login credentials could exploit misconfigured security levels to bypass authorization checks and alter website data. No patch is currently available.
Technical ContextAI
Classified as CWE-862 (Missing Authorization). Affects from n/a. Missing Authorization vulnerability in SiteLock SiteLock Security – WP Hardening, Login Security & Malware Scans allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security – WP Hardening, Login Security & Malware Scans: from n/a through 5.0.2.
Affected ProductsAI
Missing Authorization vulnerability in SiteLock SiteLock Security – WP Hardening, Login Security & Malware Scans allows Exploiting Incorrectly Configu
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today