CVE-2024-10078
WP Easy Post Types <= 1.4.4 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions
The WP Easy Post Types plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 1.4.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete plugin options and posts.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Produtos afetados
chertz · WP Easy Post TypesQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L111https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L112https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L113https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L114https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L115https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L116https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L117https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L118https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L119https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L120https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L121https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L122