CVE-2024-1318

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Feb 29, 2024

Summary

CVE-2024-1318: The Feedzy RSS Aggregator plugin for WordPress, up to version 4.4.2, contains a vulnerability that allows authenticated attackers with Contributor access or higher to bypass capability checks on the 'feedzy_wizard_step_process' and 'import_status' functions. As a result, these users, who are typically restricted to creating posts, can draft and publish posts with arbitrary content, leading to unauthorized data modification.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ub8vbp
https://www.cve.org/CVERecord?id=CVE-2024-1318
https://nvd.nist.gov/vuln/detail/CVE-2024-1318

Back to Vulnerability Database

CVE-2024-1318

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations