CVE-2024-1371

Опубликовано: 30 апр. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lc_public_api_proxy() function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts.

Ссылки

https://plugins.trac.wordpress.org/browser/leadconnector/trunk/admin/class-lc-admin.php#L519
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3075667%40leadconnector&new=3075667%40leadconnector&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/79e786ce-a3eb-40df-8dad-4c9c75243bec?source=cve
https://plugins.trac.wordpress.org/browser/leadconnector/trunk/admin/class-lc-admin.php#L519
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3075667%40leadconnector&new=3075667%40leadconnector&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/79e786ce-a3eb-40df-8dad-4c9c75243bec?source=cve

EPSS

Процентиль: 27%

0.00097

Низкий

6.5 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-8c6j-52q3-w3c5