Description
Missing Authorization vulnerability in SiteLock SiteLock Security – WP Hardening, Login Security & Malware Scans sitelock allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SiteLock Security – WP Hardening, Login Security & Malware Scans: from n/a through <= 5.0.2.
Published: 2026-01-23
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized access due to missing authorization controls
Action: Patch
AI Analysis

Impact

The SiteLock Security – WP Hardening, Login Security & Malware Scans plugin contains a missing authorization flaw that lets attackers bypass the plugin’s configured security levels. Classified as CWE‑862, the vulnerability allows an attacker to reach administrative endpoints that should be restricted, potentially exposing plugin settings and other sensitive data. While the description does not note arbitrary code execution, the loss of access control threatens the confidentiality and integrity of the WordPress site.

Affected Systems

All installations of SiteLock Security – WP Hardening, Login Security & Malware Scans from the earliest available versions up to and including 5.0.2 are vulnerable. The product is offered by SiteLock, and any site running one of these versions is at risk regardless of its WordPress version.

Risk and Exploitability

With a CVSS score of 4.3, this vulnerability is rated medium severity. The EPSS score is below 1%, indicating a relatively low probability of exploitation in the wild, and it is not listed in the CISA KEV catalog. Attackers would likely target the plugin via web‑based administrative interfaces, crafting requests that exploit the missing access control to gain unauthorized access. The lack of mitigations beyond proper authorization makes the flaw a serious threat when the site is exposed to the network.

Generated by OpenCVE AI on April 29, 2026 at 00:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑supplied patch by upgrading SiteLock Security – WP Hardening, Login Security & Malware Scans to the latest release that contains the authorization fix.
  • If an update is not available, temporarily disable the plugin until a vendor fix is released.
  • Restrict administrative access to the plugin’s endpoints by enforcing HTTPS, using role‑based restrictions, and limiting access to trusted IP addresses.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 15:15:00 +0000

Type: Metrics
Values Removed: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 23 Apr 2026 15:00:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
Values Added: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type: Description
Values Removed: Missing Authorization vulnerability in SiteLock SiteLock Security – WP Hardening, Login Security & Malware Scans allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security – WP Hardening, Login Security & Malware Scans: from n/a through 5.0.2.
Values Added: Missing Authorization vulnerability in SiteLock SiteLock Security – WP Hardening, Login Security & Malware Scans sitelock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security – WP Hardening, Login Security & Malware Scans: from n/a through <= 5.0.2.

Type: References

Type: Metrics
Values Removed: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}
Values Added: cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Tue, 17 Feb 2026 11:30:00 +0000


Tue, 17 Feb 2026 11:00:00 +0000

Type: Description
Values Removed: Missing Authorization vulnerability in SiteLock SiteLock Security sitelock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security: from n/a through <= 5.0.2.
Values Added: Missing Authorization vulnerability in SiteLock SiteLock Security – WP Hardening, Login Security & Malware Scans allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security – WP Hardening, Login Security & Malware Scans: from n/a through 5.0.2.

Type: References

Type: Metrics
Values Removed: cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
Values Added: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Mon, 26 Jan 2026 23:15:00 +0000

Type: Metrics
Values Added: cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 26 Jan 2026 12:00:00 +0000

Type: First Time appeared
Values Added: Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Added: Wordpress; Wordpress wordpress

Fri, 23 Jan 2026 14:45:00 +0000

Type: Description
Values Added: Missing Authorization vulnerability in SiteLock SiteLock Security sitelock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security: from n/a through <= 5.0.2.

Type: Title
Values Added: WordPress SiteLock Security plugin <= 5.0.2 - Broken Access Control vulnerability

Type: Weaknesses
Values Added: CWE-862

Type: References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:48.776Z

Reserved: 2026-01-23T12:31:40.820Z

Link: CVE-2026-24532

Vulnrichment

Updated: 2026-01-26T19:08:53.558Z

NVD

Status: Deferred

Published: 2026-01-23T15:16:09.273

Modified: 2026-04-28T15:16:10.983

Link: CVE-2026-24532

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T01:00:11Z

Weaknesses