Medium severity5.3NVD Advisory· Published Jan 23, 2026· Updated Apr 28, 2026

CVE-2026-24577

Description

Missing Authorization vulnerability in Genetech Products Pie Register pie-register allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pie Register: from n/a through <= 3.8.4.8.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Missing authorization in Pie Register plugin ≤3.8.4.8 allows attackers to access restricted functions due to broken access controls.

Vulnerability

Overview The Pie Register plugin for WordPress versions up to and including 3.8.4.8 contains a missing authorization vulnerability. This is a broken access control issue where the plugin fails to properly enforce permissions, allowing unprivileged users to execute actions intended for higher-privileged roles [1].

Exploitation

Attackers can exploit this vulnerability by sending crafted requests to the affected plugin endpoints without proper authentication or nonce checks. No special network position or prior authentication is required, making it exploitable remotely by any unauthenticated user [1].

Impact

Successful exploitation could allow an attacker to perform unauthorized actions such as modifying settings or accessing sensitive data, depending on the affected functionality. The CVSS score of 5.3 (Medium) indicates a moderate risk, though the report notes it is unlikely to be widely exploited [1].

Mitigation

The vulnerability is fixed in version 3.8.4.9. Users are advised to update immediately. For Patchstack users, auto-updates can be enabled for vulnerable plugins. If unable to update, contact hosting provider for assistance [1].

References

Broken Access Control in WordPress Pie Register Plugin

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

WordPress/Pie Registerinferred2 versions
<=3.8.4.8+ 1 more
- (no CPE)range: <=3.8.4.8
- (no CPE)range: <= 3.8.4.8
Package: https://wordpress.org/plugins/pie-register

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

patchstack.com/database/Wordpress/Plugin/pie-register/vulnerability/wordpress-pie-register-plugin-3-8-4-7-broken-access-control-vulnerabilitynvd

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000