CVE-2024-4199

Summary

CVE-2024-4199 is a vulnerability affecting the Bulk Posts Editing plugin for WordPress. This issue, present in all versions up to 4.2.3, allows authenticated attackers with subscriber access or higher to bypass capability checks on the plugin's AJAX actions. The consequences of exploiting this vulnerability include unauthorized post creation and duplication, content retrieval, and taxonomy manipulation. This can pose a significant risk to WordPress sites using the Bulk Posts Editing plugin, making it essential for users to update to the latest version or consider alternative plugins to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.