Refine your search
2 vulnerabilities found for by SiteLock
CVE-2026-24532 (GCVE-0-2026-24532)
Vulnerability from cvelistv5
Published
2026-01-23 14:28
Modified
2026-04-28 16:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
Missing Authorization vulnerability in SiteLock SiteLock Security – WP Hardening, Login Security & Malware Scans sitelock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security – WP Hardening, Login Security & Malware Scans: from n/a through <= 5.0.2.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SiteLock | SiteLock Security – WP Hardening, Login Security & Malware Scans |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24532",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-28T14:14:24.674924Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T14:14:27.403Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "sitelock",
"product": "SiteLock Security \u2013 WP Hardening, Login Security \u0026 Malware Scans",
"vendor": "SiteLock",
"versions": [
{
"changes": [
{
"at": "5.0.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nabil Irawan | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:20:57.173Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in SiteLock SiteLock Security \u2013 WP Hardening, Login Security \u0026 Malware Scans sitelock allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects SiteLock Security \u2013 WP Hardening, Login Security \u0026 Malware Scans: from n/a through \u003c= 5.0.2.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in SiteLock SiteLock Security \u2013 WP Hardening, Login Security \u0026 Malware Scans sitelock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security \u2013 WP Hardening, Login Security \u0026 Malware Scans: from n/a through \u003c= 5.0.2."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:14:48.776Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/sitelock/vulnerability/wordpress-sitelock-security-plugin-5-0-2-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress SiteLock Security plugin \u003c= 5.0.2 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-24532",
"datePublished": "2026-01-23T14:28:50.669Z",
"dateReserved": "2026-01-23T12:31:40.820Z",
"dateUpdated": "2026-04-28T16:14:48.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62128 (GCVE-0-2025-62128)
Vulnerability from cvelistv5
Published
2025-12-30 16:23
Modified
2026-04-28 16:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
Missing Authorization vulnerability in SiteLock SiteLock Security – WP Hardening, Login Security & Malware Scans sitelock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security – WP Hardening, Login Security & Malware Scans: from n/a through <= 5.0.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SiteLock | SiteLock Security – WP Hardening, Login Security & Malware Scans |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62128",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-30T19:25:21.341914Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-30T19:25:36.389Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "sitelock",
"product": "SiteLock Security \u2013 WP Hardening, Login Security \u0026 Malware Scans",
"vendor": "SiteLock",
"versions": [
{
"changes": [
{
"at": "5.0.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Legion Hunter | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:43:16.817Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in SiteLock SiteLock Security \u2013 WP Hardening, Login Security \u0026 Malware Scans sitelock allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects SiteLock Security \u2013 WP Hardening, Login Security \u0026 Malware Scans: from n/a through \u003c= 5.0.1.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in SiteLock SiteLock Security \u2013 WP Hardening, Login Security \u0026 Malware Scans sitelock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security \u2013 WP Hardening, Login Security \u0026 Malware Scans: from n/a through \u003c= 5.0.1."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:14:02.676Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/sitelock/vulnerability/wordpress-sitelock-security-plugin-5-0-1-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress SiteLock Security plugin \u003c= 5.0.1 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-62128",
"datePublished": "2025-12-30T16:23:46.871Z",
"dateReserved": "2025-10-07T15:41:41.480Z",
"dateUpdated": "2026-04-28T16:14:02.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}