CVE-2024-10078

The WP Easy Post Types plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 1.4.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete plugin options and posts.
References
Link Resource
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L111 Product
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L112 Product
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L113 Product
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L114 Product
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L115 Product
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L116 Product
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L117 Product
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L118 Product
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L119 Product
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L120 Product
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L121 Product
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L122 Product
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L123 Product
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L124 Product
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L125 Product
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L126 Product
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L127 Product
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L128 Product
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L129 Product
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L130 Product
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L131 Product
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L132 Product
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L133 Product
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L134 Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/d12c4b1c-23d0-430f-a6ea-0a3ab487ed10?source=cve Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:newsignature:wp_easy_post_types:*:*:*:*:*:wordpress:*:*

History

22 Oct 2024, 16:28

Type Values Removed Values Added
First Time Newsignature wp Easy Post Types
Newsignature
Summary
  • (es) El complemento WP Easy Post Types para WordPress es vulnerable al acceso no autorizado, la modificación y la pérdida de datos debido a la falta de una comprobación de capacidad en varias funciones en todas las versiones hasta la 1.4.4 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor o superior, agreguen, modifiquen o eliminen opciones y publicaciones del complemento.
References () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L111 - () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L111 - Product
References () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L112 - () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L112 - Product
References () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L113 - () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L113 - Product
References () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L114 - () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L114 - Product
References () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L115 - () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L115 - Product
References () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L116 - () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L116 - Product
References () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L117 - () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L117 - Product
References () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L118 - () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L118 - Product
References () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L119 - () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L119 - Product
References () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L120 - () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L120 - Product
References () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L121 - () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L121 - Product
References () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L122 - () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L122 - Product
References () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L123 - () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L123 - Product
References () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L124 - () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L124 - Product
References () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L125 - () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L125 - Product
References () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L126 - () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L126 - Product
References () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L127 - () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L127 - Product
References () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L128 - () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L128 - Product
References () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L129 - () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L129 - Product
References () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L130 - () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L130 - Product
References () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L131 - () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L131 - Product
References () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L132 - () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L132 - Product
References () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L133 - () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L133 - Product
References () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L134 - () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L134 - Product
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/d12c4b1c-23d0-430f-a6ea-0a3ab487ed10?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/d12c4b1c-23d0-430f-a6ea-0a3ab487ed10?source=cve - Third Party Advisory
CVSS v2 : unknown
v3 : 7.3
v2 : unknown
v3 : 5.4
CPE cpe:2.3:a:newsignature:wp_easy_post_types:*:*:*:*:*:wordpress:*:*

18 Oct 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-18 08:15

Updated : 2024-10-22 16:28


NVD link : CVE-2024-10078

Mitre link : CVE-2024-10078

CVE.ORG link : CVE-2024-10078


JSON object : View

Products Affected

newsignature

  • wp_easy_post_types
CWE
CWE-862

Missing Authorization