CVE-2024-9587
CVSS 3.1 Score 4.3 of 10 (medium)
Attack Complexity low
Integrity low
Privileges Required low
Confidentiality none
Availability none
Scope unchanged
Details
Published Oct 11, 2024
Updated: Jan 29, 2025
CWE ID 862
Summary
CVE-2024-9587 is a vulnerability affecting the Linkz.ai plugin for WordPress. The issue lies in the 'ajax_linkz' function, which lacks the necessary capability checks in versions up to 1.1.8. Consequently, authenticated attackers with contributor-level access or higher can exploit this flaw to unauthorizedly modify plugin settings. This vulnerability poses a potential risk to WordPress sites using the Linkz.ai plugin and should be addressed promptly by applying the necessary updates or patches.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Linkz.Ai Plugin
Affected Vendors
- WordPress