Skip to main content

Ultimate Post Kit

1 CVEs product

Monthly

CVE-2026-24362 MEDIUM This Month

A missing authorization vulnerability exists in bdthemes Ultimate Post Kit WordPress plugin through version 4.0.21, where incorrectly configured access control allows attackers to bypass authentication mechanisms and exploit broken access control security levels. An attacker can leverage this vulnerability to perform unauthorized actions that should be restricted to authenticated or privileged users. While no CVSS score, EPSS data, or confirmed KEV status is currently available, the vulnerability is classified under CWE-862 (Missing Authorization) and has been documented by Patchstack, indicating active research and potential exploitation concern.

Authentication Bypass Ultimate Post Kit
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
EPSS 0% CVSS 6.4
MEDIUM This Month

A missing authorization vulnerability exists in bdthemes Ultimate Post Kit WordPress plugin through version 4.0.21, where incorrectly configured access control allows attackers to bypass authentication mechanisms and exploit broken access control security levels. An attacker can leverage this vulnerability to perform unauthorized actions that should be restricted to authenticated or privileged users. While no CVSS score, EPSS data, or confirmed KEV status is currently available, the vulnerability is classified under CWE-862 (Missing Authorization) and has been documented by Patchstack, indicating active research and potential exploitation concern.

Authentication Bypass Ultimate Post Kit
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy