CVE-2026-24567

4.3

Medium

Published:23 Jan 2026

Last updated:17 Jun 2026

Source:audit@patchstack.com

Deferred

Weakness (CWE)

CWE-862Missing Authorization

CVSS Vector

v3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: None

View on MITRE Find PoC on GitHub

Description

Missing Authorization vulnerability in briarinc Anything Order by Terms anything-order-by-terms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Anything Order by Terms: from n/a through <= 1.4.0.

References

audit@patchstack.com

https://patchstack.com/database/Wordpress/Plugin/anything-order-by-terms/vulnerability/wordpress-anything-order-by-terms-plugin-1-4-0-broken-access-control-vulnerability?_s_id=cve