CVE-2024-1649

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Feb 27, 2024

Summary

CVE-2024-1649 is a vulnerability affecting the Categorify plugin for WordPress. This issue allows authenticated attackers, with subscriber-level access and above, to delete categories due to a missing capability check in the function categorifyAjaxDeleteCategory, impacting all versions up to and including 1.0.7.4. This vulnerability could lead to unauthorized modification of data within WordPress sites using the Categorify plugin.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ulMGBZ
https://www.cve.org/CVERecord?id=CVE-2024-1649
https://nvd.nist.gov/vuln/detail/CVE-2024-1649

Back to Vulnerability Database

CVE-2024-1649

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations