{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24619", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-01-23T12:32:24.372Z", "datePublished": "2026-01-23T14:29:05.887Z", "dateUpdated": "2026-04-28T16:14:50.406Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "popcashnet-code-integration-tool", "product": "PopCash.Net Code Integration Tool", "vendor": "PopCash", "versions": [{"changes": [{"at": "2.0", "status": "unaffected"}], "lessThanOrEqual": "1.8", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Legion Hunter | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-22T14:20:46.610Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in PopCash PopCash.Net Code Integration Tool popcashnet-code-integration-tool allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects PopCash.Net Code Integration Tool: from n/a through <= 1.8.</p>"}], "value": "Missing Authorization vulnerability in PopCash PopCash.Net Code Integration Tool popcashnet-code-integration-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PopCash.Net Code Integration Tool: from n/a through <= 1.8."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:50.406Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/popcashnet-code-integration-tool/vulnerability/wordpress-popcash-net-code-integration-tool-plugin-1-8-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress PopCash.Net Code Integration Tool plugin <= 1.8 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-23T17:50:01.620703Z", "id": "CVE-2026-24619", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T14:39:36.152Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24619", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-23T17:50:01.620703Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-23T17:50:13.557Z"}}], "cna": {"title": "WordPress PopCash.Net Code Integration Tool plugin <= 1.8 - Broken Access Control vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Legion Hunter | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "PopCash", "product": "PopCash.Net Code Integration Tool", "versions": [{"status": "affected", "changes": [{"at": "2.0", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "1.8"}], "packageName": "popcashnet-code-integration-tool", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-22T14:20:46.610Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/popcashnet-code-integration-tool/vulnerability/wordpress-popcash-net-code-integration-tool-plugin-1-8-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in PopCash PopCash.Net Code Integration Tool popcashnet-code-integration-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PopCash.Net Code Integration Tool: from n/a through <= 1.8.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in PopCash PopCash.Net Code Integration Tool popcashnet-code-integration-tool allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects PopCash.Net Code Integration Tool: from n/a through <= 1.8.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:50.406Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24619", "state": "PUBLISHED", "dateUpdated": "2026-04-28T16:14:50.406Z", "dateReserved": "2026-01-23T12:32:24.372Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-01-23T14:29:05.887Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in PopCash PopCash.Net Code Integration Tool popcashnet-code-integration-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PopCash.Net Code Integration Tool: from n/a through <= 1.8."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en PopCash PopCash.Net Code Integration Tool popcashnet-code-integration-tool permite la explotaci\u00f3n de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a PopCash.Net Code Integration Tool: desde n/a hasta &lt;= 1.8."}], "id": "CVE-2026-24619", "lastModified": "2026-04-28T15:16:20.033", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2026-01-23T15:16:20.890", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/popcashnet-code-integration-tool/vulnerability/wordpress-popcash-net-code-integration-tool-plugin-1-8-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-16T07:23:56.071007+00:00", "value": {"mitigation_remediation": ["Upgrade PopCash.Net Code Integration Tool to a version newer than 1.8", "If an upgrade is not feasible, restrict the plugin\u2019s administrative URLs to a limited set of IP addresses or enforce strong authentication", "Audit and enforce correct role-based permissions within WordPress to prevent unauthorized access to plugin features", "Monitor the site for suspicious activity around the plugin\u2019s endpoints and review logs for unauthorized attempts"], "summary": {"action": "Patch Update", "impact": "Unauthorized Access"}, "threat_synthesis": {"affected_systems": "The issue affects the PopCash.Net Code Integration Tool plugin for WordPress, developed by PopCash. Versions up to and including 1.8 are impacted. Users who have installed any of these versions on their WordPress installations are vulnerable until they upgrade.", "description_and_impact": "The vulnerability is a missing authorization flaw that allows attackers to bypass the required checks for protected endpoints in the PopCash.Net Code Integration Tool plugin. This can enable unauthorized users to read, modify, or delete sensitive plugin data and settings, potentially compromising the security posture of the entire WordPress site. The weakness corresponds to CWE-862 (Broken Access Control).", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate risk, and the EPSS score of less than 1% suggests a very low probability of exploitation. The vulnerability is not listed in CISA\u2019s KEV catalog. Based on the description, it is inferred that attackers can gain access by sending crafted HTTP requests to the plugin\u2019s admin URLs, exploiting the lack of proper access checks; the likely attack vector is remote via the public web interface. Therefore, there is a modest but real risk if the plugin remains unpatched and its administrative interfaces are exposed to untrusted users."}}}}, "created": "2026-01-26T11:52:37.449539+00:00", "updated": "2026-04-16T07:30:28.604679+00:00", "vendors": ["popcash", "popcash$PRODUCT$popcash.net_code_integration_tool", "wordpress", "wordpress$PRODUCT$wordpress"]}