CVE-2026-22492 - Vulnerability Details

- WordPress Docket Cache plugin <= 24.07.04 - Broken Access Control vulnerability

Description

Missing Authorization vulnerability in Nawawi Jamili Docket Cache docket-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Docket Cache: from n/a through <= 24.07.04.

Published: 2026-01-08

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Docket Cache plugin for WordPress has a missing authorization flaw that allows attackers to bypass correctly configured access control settings. By exploiting this weakness, an attacker can gain unauthorized access to restricted features or data within the plugin, potentially compromising the confidentiality or integrity of the website’s content and configuration. The vulnerability is caused by an absent or insufficient authorization check (CWE-862).

Affected Systems

The issue affects the Nawawi Jamili Docket Cache WordPress plugin for all versions up through and including 24.07.04. Any site running a version in that range is impacted.

Risk and Exploitability

The EPSS score is reported to be less than 1%, indicating a very low probability of exploitation at this time, and the vulnerability is not listed in the CISA KEV catalog. However, because the flaw permits direct unauthorized access to plugin functionality, the potential impact is significant if an attacker successfully leverages the weakness. The attack vector is likely a web-based request to the plugin’s administrative endpoints, and no special conditions beyond typical web access appear to be required. The lack of current exploitation reports suggests limited active exploitation, but the high risk associated with broken access control warrants timely remediation.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Nawawi Jamili

Docket Cache

unaffected

Version	Status	Constraints
`0`	affected	≤ 24.07.04

No data.

Vendor	Product	Confidence	Versions
Wordpress	Wordpress	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Docket Cache plugin to the newest available version that removes the missing authorization check.
If the plugin is not required for site functionality, disable or uninstall it to eliminate the attack surface.
Review the site’s role and capability configuration to ensure that remaining WordPress user roles are not inadvertently granted elevated permissions that could be abused if similar flaws exist elsewhere.

Generated by OpenCVE AI on April 16, 2026 at 08:46 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00025.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://patchstack.com/database/Wordpress/Plugin/docket-cache/vulnerability/wordpress-docket-cache-plugin-24-07-04-broken-access-control-vulnerability?_s_id=cve

History

Wed, 01 Apr 2026 23:45:00 +0000

Type	Values Removed	Values Added
Description	Missing Authorization vulnerability in Nawawi Jamili Docket Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Docket Cache: from n/a through 24.07.04.	Missing Authorization vulnerability in Nawawi Jamili Docket Cache docket-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Docket Cache: from n/a through <= 24.07.04.
References	https://patchstack.com/database/wordpress/plugin/docket-cache/vulnerability/wordpress-docket-cache-plugin-24-07-04-broken-access-control-vulnerability?_s_id=cve	https://patchstack.com/database/Wordpress/Plugin/docket-cache/vulnerability/wordpress-docket-cache-plugin-24-07-04-broken-access-control-vulnerability?_s_id=cve
Metrics	cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}`

Fri, 09 Jan 2026 13:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Wordpress Wordpress wordpress
Vendors & Products		Wordpress Wordpress wordpress

Thu, 08 Jan 2026 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 08 Jan 2026 16:45:00 +0000

Type	Values Removed	Values Added
Description		Missing Authorization vulnerability in Nawawi Jamili Docket Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Docket Cache: from n/a through 24.07.04.
Title		WordPress Docket Cache plugin <= 24.07.04 - Broken Access Control vulnerability
Weaknesses		CWE-862
References		https://patchstack.com/database/wordpress/plugin/docket-cache/vulnerability/wordpress-docket-cache-plugin-24-07-04-broken-access-control-vulnerability?_s_id=cve
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}`

Subscriptions

Wordpress Wordpress

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2026-01-08T16:23:26.291Z

Updated: 2026-04-01T18:28:37.792Z

Reserved: 2026-01-07T13:44:23.295Z

Link: CVE-2026-22492

Vulnrichment

Updated: 2026-01-08T16:59:26.267Z

NVD

Status : Deferred

Published: 2026-01-08T17:15:51.520

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-22492

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T09:00:05Z

Weaknesses

CWE-862

Impact

Affected Systems

Risk and Exploitability

Tracking

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object