CVE-2024-3664 – The Quick Featured Images plugin for WordPress is vulnerable to unauthorized modification …

23 April 2024

Vuln ID: CVE-2024-3664

Published: 2024-04-23 08:15:45.177

Description: The Quick Featured Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the set_thumbnail and delete_thumbnail functions in all versions up to, and including, 13.7.0. This makes it possible for authenticated attackers, with contributor-level access and above, to delete thumbnails and add thumbnails to posts they did not author.

Base Score: 4.3 – MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Source: NVD.NIST.GOV

Date:

23 April 2024

Categorie(s):

NVD

Tag(s):

NVD

Best Identity Theft Protection and Monitoring Services for 2024: Aura Is Our New Winner – CNET3 May 2024
Three insights you might have missed from theCUBE’s coverage of Dell Technologies’ ‘Building Cyber Resilience’ event3 May 2024
AWS is issued a renewed certificate for the BIO Thema-uitwerking Clouddiensten with increased scope3 May 2024
Ahead of RSA, Menlo Security announces partnership with Google Cloud for better browser security3 May 2024
It may take decade to shore up software supply chain security, says infosec CEO3 May 2024