CVE-2024-12616 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The Bitly's WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX acti…
Medium CVSS: 4.3

CVE-2024-12616

The Bitly's WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 2.7.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and retrieve plugin settings.
Vendor
-
Product
-
CWE
CWE-862
Yayın Tarihi
2025-01-09 11:15:14
Güncelleme
2025-01-09 11:15:14
Source Identifier
security@wordfence.com
KEV Date Added
-

Kategoriler

CWE-862 MEDIUM 2025

Referanslar

https://plugins.trac.wordpress.org/browser/wp-bitly/trunk/includes/class-wp-bitly-auth.php#L115 https://www.wordfence.com/threat-intel/vulnerabilities/id/b1312c34-45c6-41e5-b6fc-a45ac2c8a0ca?source=cve