CVE-2024-12542 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The linkID plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all vers…
High CVSS: 8.6

CVE-2024-12542

The linkID plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 0.1.2. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site's server. The plugin does not need to be activated for the vulnerability to be exploited.
Vendor
-
Product
-
CWE
CWE-862
Yayın Tarihi
2025-01-09 11:15:14
Güncelleme
2025-01-09 11:15:14
Source Identifier
security@wordfence.com
KEV Date Added
-

Kategoriler

CWE-862 HIGH 2025

Referanslar

https://plugins.trac.wordpress.org/browser/linkid/trunk/lib/linkid/linkid-sdk-php/util/index.php#L1 https://www.wordfence.com/threat-intel/vulnerabilities/id/b2fe5315-37b7-4009-b2e5-909e6b5ed1da?source=cve