CVE-2024-9587

CVSS 3.1 Score 4.3 of 10 (medium)

Attack Complexity low
Integrity low
Privileges Required low
Confidentiality none
Availability none
Scope unchanged

Details

Published Oct 11, 2024
Updated: Jan 29, 2025
CWE ID 862

Summary

CVE-2024-9587 is a vulnerability affecting the Linkz.ai plugin for WordPress. The issue lies in the 'ajax_linkz' function, which lacks the necessary capability checks in versions up to 1.1.8. Consequently, authenticated attackers with contributor-level access or higher can exploit this flaw to unauthorizedly modify plugin settings. This vulnerability poses a potential risk to WordPress sites using the Linkz.ai plugin and should be addressed promptly by applying the necessary updates or patches.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Linkz.Ai Plugin

Affected Vendors

  • WordPress