Description
Unauthenticated Broken Access Control in SiteGround Email Marketing <= 1.7.5 versions.
Published: 2026-06-26
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an unauthenticated broken access control flaw in the SiteGround Email Marketing plugin for WordPress. It allows an attacker to reach privileged actions or data within the plugin that should require authentication, as the plugin fails to verify the user’s access level. The result is a potential data leak or manipulation of marketing lists, which can compromise confidentiality or integrity of the user’s email marketing assets.

Affected Systems

The affected software is the SiteGround Email Marketing plugin for WordPress, version 1.7.5 or older. This includes all WordPress installations that have not yet applied the 1.7.6 update from SiteGround. The plugin is developed by SiteGround and used by WordPress sites for email marketing integration.

Risk and Exploitability

The CVSS 3.1 base score of 5.3 indicates a moderate impact; the published vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) describes a network-reachable, low-complexity attack that requires no privileges and no user interaction. The EPSS score is not provided, and the vulnerability is not listed in CISA’s KEV catalog. The likely attacker is any unauthenticated visitor who can send HTTP requests to the plugin’s exposed endpoints and use them to execute privileged plugin functions. Absent additional hardening, that condition is likely to be met on a typical WordPress site, making exploitation feasible wherever the plugin is present and not patched.

Generated by OpenCVE AI on June 26, 2026 at 16:20 UTC.

Remediation

Vendor Solution

Update the WordPress SiteGround Email Marketing Plugin to the latest available version (at least 1.7.6).


OpenCVE Recommended Actions

  • Update the SiteGround Email Marketing plugin to version 1.7.6 or later to apply the official fix.
  • Disable the plugin if it is not required for site operation.
  • Apply network-level restrictions or IP whitelisting to limit access to the plugin’s administrative interface as a temporary measure.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 21:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 26 Jun 2026 15:15:00 +0000

Type | Values Removed | Values Added
Description | | Unauthenticated Broken Access Control in SiteGround Email Marketing <= 1.7.5 versions.
Title | | WordPress SiteGround Email Marketing plugin <= 1.7.5 - Broken Access Control vulnerability
Weaknesses | | CWE-862
References | |
Metrics | | cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-26T20:19:27.737Z

Reserved: 2026-01-23T12:31:46.854Z

Link: CVE-2026-24547

Vulnrichment

Updated: 2026-06-26T20:19:23.161Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-26T16:30:03Z

Weaknesses