CVE-2026-24590
Description
Missing Authorization vulnerability in VideoWhisper.Com Paid Videochat Turnkey Site allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Paid Videochat Turnkey Site: from n/a through 7.3.23.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing Authorization in Paid Videochat Turnkey Site plugin (<=7.3.23) allows unprivileged users to exploit incorrectly configured access controls.
Vulnerability
The Paid Videochat Turnkey Site plugin for WordPress versions from n/a through 7.3.23 suffers from a missing authorization vulnerability. The plugin fails to properly validate access control security levels, allowing unintended privilege escalation.
Exploitation
An attacker with low-level user access can exploit the missing authorization checks to perform actions that should be restricted to higher-privileged roles. No special network position or user interaction beyond having an account is required.
Impact
Successful exploitation allows an attacker to execute unauthorized actions, potentially leading to sensitive data disclosure, configuration changes, or further compromise of the WordPress site. The vulnerability has a CVSS score of 5.3 (Medium), indicating a moderate risk.
Mitigation
Update to version 7.3.24 or later, which fixes the broken access control issue. Patchstack users can enable auto-updates for vulnerable plugins. There are no known workarounds for versions prior to 7.3.24. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=7.3.23
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.