CVE-2024-1851
CVSS 3.1 Score 6.3 of 10 (medium)
Details
Published Mar 8, 2024
Summary
CVE-2024-1851 affects the affiliate-toolkit WordPress Affiliate Plugin. The atkp_create_list() function is missing a capability check in all versions up to 3.5.4. As a result, authenticated attackers with subscriber-level access and above can perform unauthorized actions, such as creating product lists.