CVE-2024-3237 – The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data …

4 May 2024

Vuln ID: CVE-2024-3237

Published: 2024-05-04 04:15:08.690

Description: The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary option values to true.

Base Score: 5.4 – MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Source: NVD.NIST.GOV

Date:

4 May 2024

Categorie(s):

NVD

Tag(s):

NVD

How to revamp your cybersecurity in the middle of the chaos18 May 2024
Leveling the cybersecurity playing field18 May 2024
Automated pentesting in the cloud18 May 2024
Hardware cybersecurity leader, Flexxon, introduces Server Defender18 May 2024
Aussie cops probe MediSecure’s ‘large-scale ransomware data breach’18 May 2024