CVE-2024-12559 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The ClickDesigns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clickdesigns_add_api' and the…
Medium CVSS: 5.3

CVE-2024-12559

The ClickDesigns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clickdesigns_add_api' and the 'clickdesigns_remove_api' functions in all versions up to, and including, 1.8.0. This makes it possible for unauthenticated attackers to modify or remove the plugin's API key.
Vendor
-
Product
-
CWE
CWE-862
Yayın Tarihi
2025-01-07 04:15:09
Güncelleme
2025-01-07 04:15:09
Source Identifier
security@wordfence.com
KEV Date Added
-

Kategoriler

CWE-862 MEDIUM 2025

Referanslar

https://plugins.trac.wordpress.org/browser/clickdesigns/tags/1.8.0/includes/clickdesigns-ajax.php#L64 https://plugins.trac.wordpress.org/browser/clickdesigns/tags/1.8.0/includes/clickdesigns-ajax.php#L79 https://www.wordfence.com/threat-intel/vulnerabilities/id/c1d19968-dbd8-4433-99a7-b973a59c4653?source=cve