CVE-2024-0791

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Feb 5, 2024

Updated: Feb 13, 2024

CWE ID 862

Summary

CVE-2024-0791 is a vulnerability affecting the WordPress Posts Bulk Editor and Manager Professional plugin. The issue lies in the lack of capability checks on certain functions, namely wpbe_create_new_term, wpbe_update_tax_term, and wpbe_delete_tax_term. Consequently, authenticated attackers, even with subscriber access, can manipulate taxonomy terms, leading to unauthorized data modification or loss. This vulnerability exists in all versions up to and including 1.0.8.1.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uPpotI
https://www.cve.org/CVERecord?id=CVE-2024-0791
https://nvd.nist.gov/vuln/detail/CVE-2024-0791

Back to Vulnerability Database

CVE-2024-0791

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations