{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22492", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-01-07T13:44:23.295Z", "datePublished": "2026-01-08T16:23:26.291Z", "dateUpdated": "2026-04-28T16:14:46.205Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "docket-cache", "product": "Docket Cache", "vendor": "Nawawi Jamili", "versions": [{"changes": [{"at": "24.07.05", "status": "unaffected"}], "lessThanOrEqual": "24.07.04", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Legion Hunter | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:44:00.855Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in Nawawi Jamili Docket Cache docket-cache allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Docket Cache: from n/a through <= 24.07.04.</p>"}], "value": "Missing Authorization vulnerability in Nawawi Jamili Docket Cache docket-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Docket Cache: from n/a through <= 24.07.04."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:46.205Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/docket-cache/vulnerability/wordpress-docket-cache-plugin-24-07-04-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Docket Cache plugin <= 24.07.04 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-08T16:58:54.512750Z", "id": "CVE-2026-22492", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-25T01:58:05.330Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22492", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-08T16:58:54.512750Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-08T16:59:26.267Z"}}], "cna": {"title": "WordPress Docket Cache plugin <= 24.07.04 - Broken Access Control vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Legion Hunter | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Nawawi Jamili", "product": "Docket Cache", "versions": [{"status": "affected", "changes": [{"at": "24.07.05", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "24.07.04"}], "packageName": "docket-cache", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-22T14:21:50.595Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/docket-cache/vulnerability/wordpress-docket-cache-plugin-24-07-04-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Nawawi Jamili Docket Cache docket-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Docket Cache: from n/a through <= 24.07.04.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in Nawawi Jamili Docket Cache docket-cache allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Docket Cache: from n/a through <= 24.07.04.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-23T14:14:03.357Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22492", "state": "PUBLISHED", "dateUpdated": "2026-04-25T01:58:05.330Z", "dateReserved": "2026-01-07T13:44:23.295Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-01-08T16:23:26.291Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Nawawi Jamili Docket Cache docket-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Docket Cache: from n/a through <= 24.07.04."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en Nawawi Jamili Docket Cache permite la explotaci\u00f3n de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Docket Cache: desde n/a hasta 24.07.04."}], "id": "CVE-2026-22492", "lastModified": "2026-04-23T15:36:34.830", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2026-01-08T17:15:51.520", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/docket-cache/vulnerability/wordpress-docket-cache-plugin-24-07-04-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T18:14:41.391312+00:00", "value": {"mitigation_remediation": ["Update the Docket Cache plugin to the newest available version that removes the missing authorization check.", "If the plugin is not required for site functionality, disable or uninstall it to eliminate the attack surface.", "Review the site\u2019s role and capability configuration to ensure that remaining WordPress user roles are not inadvertently granted elevated permissions that could be abused if similar flaws exist elsewhere."], "summary": {"action": "Patch", "impact": "Broken Access Control"}, "threat_synthesis": {"affected_systems": "The issue affects the Nawawi Jamili Docket Cache WordPress plugin for all versions up through and including 24.07.04. Any site running a version in that range is impacted.", "description_and_impact": "The Docket Cache plugin for WordPress has a missing authorization flaw that allows attackers to bypass correctly configured access control settings. By exploiting this weakness, an attacker can gain unauthorized access to restricted features or data within the plugin, potentially compromising the confidentiality or integrity of the website\u2019s content and configuration. The vulnerability is caused by an absent or insufficient authorization check (CWE-862).", "risk_and_exploitability": "The EPSS score is reported to be less than 1%, indicating a very low probability of exploitation at this time, and the vulnerability is not listed in the CISA KEV catalog. The CVSS score of 4.3 indicates a medium severity. However, because the flaw permits direct unauthorized access to plugin functionality, the potential impact is significant if an attacker successfully leverages the weakness. The attack vector is likely a web-based request to the plugin\u2019s administrative endpoints, and no special conditions beyond typical web access appear to be required. The lack of current exploitation reports suggests limited active exploitation, but the high risk associated with broken access control warrants timely remediation."}}}}, "created": "2026-01-09T13:24:25.396665+00:00", "updated": "2026-04-28T18:15:37.378526+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}