Medium severity4.3NVD Advisory· Published Jan 23, 2026· Updated Apr 28, 2026

CVE-2026-24563

Description

Missing Authorization vulnerability in Ashan Perera LifePress lifepress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LifePress: from n/a through <= 2.2.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Missing authorization in LifePress plugin ≤2.2.1 allows unauthenticated attackers to exploit incorrectly configured access controls.

Vulnerability

Overview CVE-2026-24563 is a missing authorization vulnerability in the LifePress plugin for WordPress, affecting versions from n/a through 2.2.1. The issue stems from incorrectly configured access control security levels, which can be exploited by unauthenticated attackers to perform actions that should require higher privileges [1].

Exploitation

Attackers can exploit this vulnerability without authentication by sending crafted requests to the vulnerable plugin endpoints. The attack surface is broad because the plugin is widely used, and the vulnerability can be leveraged in mass-exploit campaigns targeting thousands of websites regardless of their size or popularity [1].

Impact

Successful exploitation allows an attacker to bypass access controls and execute unauthorized actions, potentially leading to data exposure, privilege escalation, or other malicious activities depending on the specific functions affected. The CVSS v3 base score is 4.3 (Medium), indicating a moderate severity [1].

Mitigation

The vulnerability has been addressed in version 2.2.2 of the LifePress plugin. Users are strongly advised to update to this version or later. For those unable to update immediately, consulting a hosting provider or web developer is recommended. Patchstack users can enable auto-updates for vulnerable plugins [1].

References

Broken Access Control in WordPress LifePress Plugin

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

WordPress/Lifepressinferred
Range: <= 2.2.1
Package: https://wordpress.org/plugins/lifepress
Ashan Perera/LifePressllm-create
Range: <=2.2.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

patchstack.com/database/Wordpress/Plugin/lifepress/vulnerability/wordpress-lifepress-plugin-2-1-3-broken-access-control-vulnerability-2nvd

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000