VYPR
Medium severity 4.3 · NVD Advisory · Published May 25, 2026

CVE-2026-24545

Description

Missing Authorization vulnerability in Nikki Blight QR Redirector allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects QR Redirector: from n/a through 2.0.3.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

QR Redirector plugin 2.0.3 and earlier lacks proper access control, allowing unauthenticated attackers to trigger privileged actions.

Vulnerability

QR Redirector for WordPress, in versions through 2.0.3 [1], has a missing authorization vulnerability. The flaw is a broken access control issue: certain functions within the plugin do not perform adequate capability or nonce checks, so the code path is reachable by any visitor to the site.

Exploitation

An attacker needs only network access to the WordPress site; no authentication or prior privilege is required [1]. By directly calling the vulnerable endpoint or sending crafted requests, the attacker can trigger actions that should be restricted to higher-privileged users.

Impact

Successful exploitation allows an unauthenticated attacker to execute privileged functions, potentially leading to unauthorized modification of site settings or redirection rules. The impact is limited in scope and considered low severity by the maintainer [1].

Mitigation

The vulnerability is fixed in version 2.0.4 [1]. Users should immediately update to this version or enable auto-updates. No workaround is disclosed for those unable to update [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
