CVE-2026-24944
MEDIUMSeverity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Missing Authorization vulnerability in weDevs Subscribe2 subscribe2 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe2: from n/a through <= 10.44.
AnalysisAI
Inadequate access control in weDevs Subscribe2 plugin version 10.44 and earlier permits unauthenticated attackers to bypass authorization checks and gain unauthorized access to restricted functionality. An attacker can exploit misconfigured security levels to perform actions they should not be permitted to execute, potentially exposing sensitive subscriber data or modifying plugin settings. No patch is currently available.
Technical ContextAI
Classified as CWE-862 (Missing Authorization). Affects weDevs Subscribe2 subscribe2. Missing Authorization vulnerability in weDevs Subscribe2 subscribe2 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe2: from n/a through <= 10.44.
Affected ProductsAI
Product: weDevs Subscribe2 subscribe2.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today