WordPress Plugin Vulnerabilities

SiteGuard WP Plugin <= 1.7.9 - Missing Authorization

Description

The plugin is vulnerable to unauthorized access due to a missing capability check on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
siteguard
No known fix

References

CVE
CVE-2026-27411
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/8f094317-3088-4660-beae-4cf30df8528b

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Ahmad
Verified
No
WPVDB ID
24533f55-44cd-4621-befc-19043862db4a

Timeline

Publicly Published
2026-02-23 (about 4 months ago)
Added
2026-03-05 (about 3 months ago)
Last Updated
2026-03-05 (about 3 months ago)

Other

Published
Title
Published
2024-01-30
Title
ACF Photo Gallery Field < 2.7 - Missing Authorization
Published
2025-09-23
Title
Super Blank < 1.3.0 - Authenticated (Subscriber+) Arbitrary Content Deletion
Published
2024-10-28
Title
WPC Smart Messages for WooCommerce < 4.2.2 - Missing Authorization to Authenticated (Subscriber+) Message Activation/Deactivation
Published
2026-01-23
Title
LeadConnector < 3.0.22 - Missing Authorization
Published
2026-05-28
Title
Rank Math SEO < 1.0.271.1 - Unauthenticated Homepage SEO Settings Modification