CVE-2024-9587

Summary

CVE-2024-9587 affects the Linkz.ai plugin for WordPress, specifically in versions up to and including 1.1.8, due to a missing capability check on the 'ajax_linkz' function. This vulnerability allows authenticated attackers with contributor-level privileges or higher to modify plugin settings without authorization. Organizations using the affected versions may face medium severity risks, as the integrity of their data could be compromised while confidentiality remains unaffected. To remediate the issue, users should update to a patched version of the plugin that addresses this vulnerability. The exploitability score for this vulnerability is rated at 2.8, indicating a low attack complexity and minimal user interaction required for exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.