WordPress Plugin Vulnerabilities

WP Dummy Content Generator < 3.1.3 - Missing Authorization

Description

The WP Dummy Content Generator plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability check son the wp_dummy_content_generatorDeletePosts() and wp_dummy_content_generatorAjaxGenPosts() functions in versions up to, and including, 3.1.2. This makes it possible for unauthenticated attackers to delete and generate posts.

Affects Plugins

Plugin icon
wp-dummy-content-generator
Fixed in 3.1.3

References

CVE
CVE-2024-24805
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/3b44d23c-4872-491f-8a91-b0feb888ac54

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Huynh Tien Si
Verified
No
WPVDB ID
a819ec6a-b2be-41b3-80a2-82a846ac1041

Timeline

Publicly Published
2024-02-02 (about 3 months ago)
Added
2024-02-05 (about 3 months ago)
Last Updated
2024-02-05 (about 3 months ago)

Other

Published
Title
Published
2024-03-29
Title
Layouts for Elementor < 1.8 - Missing Authorization to Unauthenticated Arbitrary File Upload
Published
2022-06-02
Title
HTML2WP <= 1.0.0 - Subscriber+ Arbitrary File Deletion
Published
2023-12-27
Title
Eazy Plugin Manager < 4.1.3 - Missing Authorization via update_options
Published
2024-01-02
Title
Product Expiry for WooCommerce < 2.6 - Subscriber+ Settings Update
Published
2024-01-10
Title
EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Virtual Event Password Disclosure