CVE-2026-24612
Description
Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Orchid Store: from n/a through <= 1.5.15.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The Orchid Store WordPress theme <=1.5.15 has a broken access control vulnerability allowing unauthenticated privilege escalation.
The Orchid Store theme for WordPress suffers from a Missing Authorization vulnerability (Broken Access Control) in versions up to and including 1.5.15. This issue stems from incorrectly configured access control security levels, allowing unauthorized actions.
Exploitation requires no authentication and can be performed remotely. Attackers can leverage this flaw in mass-exploit campaigns targeting thousands of websites simultaneously, regardless of site traffic or popularity [1].
Successful exploitation enables an attacker to execute higher-privileged actions that should be restricted, potentially compromising the site's security.
The theme has not been updated in three months and is unlikely to receive further patches. Simply deactivating the theme does not remove the threat; removal and replacement are recommended. A Patchstack mitigation rule may offer temporary protection [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=1.5.15
Patches
No patches discovered yet.
References