CVE-2024-12711 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The RSVP and Event Management plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX functions like bulk_de…
Medium CVSS: 5.3

CVE-2024-12711

The RSVP and Event Management plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX functions like bulk_delete_attendees() and bulk_delete_questions() in all versions up to, and including, 2.7.13. This makes it possible for unauthenticated attackers to delete questions and attendees and for authenticated users to update question menu orders.
Vendor
-
Product
-
CWE
CWE-862
Yayın Tarihi
2025-01-07 12:15:24
Güncelleme
2025-01-07 12:15:24
Source Identifier
security@wordfence.com
KEV Date Added
-

Kategoriler

CWE-862 MEDIUM 2025

Referanslar

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3216473%40rsvp&new=3216473%40rsvp&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/d234212a-2019-477d-81d1-b2acc2321055?source=cve