CVE-2026-9184: CWE-862 Missing Authorization in 24liveblog 24liveblog – live blog tool
The 24liveblog WordPress plugin version 2.2 and earlier contains a vulnerability due to missing authorization checks in an AJAX function. Authenticated users with author-level access or higher can modify sensitive user meta and site-wide options related to the plugin's integration with the 24liveblog service. This flaw arises because the update_lb24_token() function only verifies a nonce but does not check user capabilities or ownership of the user ID being modified.
AI Analysis
Technical Summary
CVE-2026-9184 describes a missing authorization vulnerability (CWE-862) in the 24liveblog WordPress plugin up to version 2.2. The update_lb24_token() AJAX handler verifies only a nonce ('lb24') but fails to verify the user's capability level or confirm that the user_id parameter belongs to the current user. Consequently, authenticated users with author-level privileges or higher can overwrite critical user meta values (lb24_token, lb24_uid, lb24_refresh_token, lb24_uname) for any user, including administrators, and alter site-wide options. This allows attackers to hijack the plugin's integration with the 24liveblog service.
Potential Impact
An attacker with author-level or higher access can modify authentication tokens and user metadata for any user, including administrators, as well as site-wide plugin options. This can lead to hijacking of the 24liveblog service integration, potentially allowing unauthorized actions or data manipulation within the plugin context. The vulnerability does not impact confidentiality or availability directly but impacts integrity of plugin-related data.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict author-level access to trusted users only and monitor for suspicious changes to user meta related to 24liveblog. Do not rely solely on the nonce for authorization. Follow vendor updates for a security patch addressing this missing capability check.
CVE-2026-9184: CWE-862 Missing Authorization in 24liveblog 24liveblog – live blog tool
Description
The 24liveblog WordPress plugin version 2.2 and earlier contains a vulnerability due to missing authorization checks in an AJAX function. Authenticated users with author-level access or higher can modify sensitive user meta and site-wide options related to the plugin's integration with the 24liveblog service. This flaw arises because the update_lb24_token() function only verifies a nonce but does not check user capabilities or ownership of the user ID being modified.
CVSS v3.1
Score 4.3medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-9184 describes a missing authorization vulnerability (CWE-862) in the 24liveblog WordPress plugin up to version 2.2. The update_lb24_token() AJAX handler verifies only a nonce ('lb24') but fails to verify the user's capability level or confirm that the user_id parameter belongs to the current user. Consequently, authenticated users with author-level privileges or higher can overwrite critical user meta values (lb24_token, lb24_uid, lb24_refresh_token, lb24_uname) for any user, including administrators, and alter site-wide options. This allows attackers to hijack the plugin's integration with the 24liveblog service.
Potential Impact
An attacker with author-level or higher access can modify authentication tokens and user metadata for any user, including administrators, as well as site-wide plugin options. This can lead to hijacking of the 24liveblog service integration, potentially allowing unauthorized actions or data manipulation within the plugin context. The vulnerability does not impact confidentiality or availability directly but impacts integrity of plugin-related data.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict author-level access to trusted users only and monitor for suspicious changes to user meta related to 24liveblog. Do not rely solely on the nonce for authorization. Follow vendor updates for a security patch addressing this missing capability check.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Wordfence
- Date Reserved
- 2026-05-21T14:55:58.925Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a3b7813eed863c81e5f731e
Added to database: 06/24/2026, 06:24:19 UTC
Last enriched: 06/24/2026, 06:40:55 UTC
Last updated: 06/24/2026, 07:39:50 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.