{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24540", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-01-23T12:31:46.853Z", "datePublished": "2026-01-23T14:28:51.836Z", "dateUpdated": "2026-04-28T16:14:48.837Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "integrate-google-drive", "product": "Integrate Google Drive", "vendor": "princeahmed", "versions": [{"lessThanOrEqual": "1.5.6", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Nabil Irawan | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-22T14:20:57.389Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in princeahmed Integrate Google Drive integrate-google-drive allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Integrate Google Drive: from n/a through <= 1.5.6.</p>"}], "value": "Missing Authorization vulnerability in princeahmed Integrate Google Drive integrate-google-drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through <= 1.5.6."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:48.837Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/integrate-google-drive/vulnerability/wordpress-integrate-google-drive-plugin-1-5-5-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Integrate Google Drive plugin <= 1.5.6 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T16:56:25.374866Z", "id": "CVE-2026-24540", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T14:17:01.906Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24540", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-27T16:56:25.374866Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T16:56:16.082Z"}}], "cna": {"title": "WordPress Integrate Google Drive plugin <= 1.5.6 - Broken Access Control vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Nabil Irawan | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "princeahmed", "product": "Integrate Google Drive", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.5.6"}], "packageName": "integrate-google-drive", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-22T14:20:57.389Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/integrate-google-drive/vulnerability/wordpress-integrate-google-drive-plugin-1-5-5-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in princeahmed Integrate Google Drive integrate-google-drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through <= 1.5.6.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in princeahmed Integrate Google Drive integrate-google-drive allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Integrate Google Drive: from n/a through <= 1.5.6.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-23T14:14:05.696Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24540", "state": "PUBLISHED", "dateUpdated": "2026-04-28T14:17:01.906Z", "dateReserved": "2026-01-23T12:31:46.853Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-01-23T14:28:51.836Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in princeahmed Integrate Google Drive integrate-google-drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through <= 1.5.6."}, {"lang": "es", "value": "Vulnerabilidad de Autorizaci\u00f3n faltante en Prince Integrate Google Drive integrate-google-drive permite explotar Niveles de Seguridad de Control de Acceso incorrectamente configurados. Este problema afecta a Integrate Google Drive: desde n/a hasta &lt;= 1.5.5."}], "id": "CVE-2026-24540", "lastModified": "2026-04-28T15:16:11.843", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2026-01-23T15:16:10.203", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/integrate-google-drive/vulnerability/wordpress-integrate-google-drive-plugin-1-5-5-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-16T01:49:20.701854+00:00", "value": {"mitigation_remediation": ["Update the Integrate Google Drive plugin to the latest version greater than 1.5.6 to remove the broken access control logic.", "Review and tighten role\u2011based access controls for the plugin, ensuring only authorized users can initiate or view Google Drive operations.", "If the integration is not required, disable or remove the plugin to eliminate the exposure."], "summary": {"action": "Immediate Patch", "impact": "Unauthorized Access to Google Drive Integration"}, "threat_synthesis": {"affected_systems": "The affected component is the Integrate Google Drive WordPress plugin, developed by princeahmed. Versions from the earliest release through version 1.5.6, inclusive, are vulnerable. Any WordPress site using these versions could be impacted.", "description_and_impact": "A flaw in the Integrate Google Drive plugin for WordPress permits an attacker to bypass authorization checks and gain access to Google Drive data linked to the site. The vulnerability stems from improperly enforced access control logic, enabling users or potentially unauthenticated actors to request sensitive information. The weakness is a classic Broken Access Control scenario (CWE\u2011862).", "risk_and_exploitability": "The CVSS base score of 5.4 indicates moderate risk, while the EPSS score of less than 1% suggests exploitation is unlikely but possible. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack vector is inferred to be through normal usage of the plugin, potentially exploiting misconfigured user roles or permissions within the WordPress ecosystem. There is no evidence of a publicly exploitable remote code execution path, but unauthorized data retrieval is feasible if an attacker can trigger the plugin\u2019s API calls. The risk is therefore concentrated on privileged or compromised users who can manipulate the plugin\u2019s settings."}}}}, "created": "2026-01-26T11:53:32.303586+00:00", "updated": "2026-04-16T02:00:12.322476+00:00", "vendors": ["prince", "prince$PRODUCT$integrate_google_drive", "wordpress", "wordpress$PRODUCT$wordpress"]}