Missing Authorization Vulnerability in Passionate Brains Add Expires Headers & Optimized Minify Plugin
CVE-2026-24633

5.3MEDIUM

Key Information:

Vendor

WordPress
Status
Add Expires Headers & Optimized Minify
Vendor
CVE Published:
23 January 2026

What is CVE-2026-24633?

A missing authorization vulnerability exists within the Passionate Brains Add Expires Headers & Optimized Minify plugin, allowing unauthorized access due to incorrectly configured security levels. This issue compromises access control, potentially exposing sensitive functionality to unauthorized users in versions up to 3.1.0. Users are advised to review their configurations and update to the latest version to mitigate risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Add Expires Headers & Optimized Minify <= n/a

References

https://patchstack.com/database/Wordpress/Plugin/add-expi...
vdb-entry

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nabil Irawan | Patchstack Bug Bounty Program
JSON
.