The WP Easy Post Types plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 1.4.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete plugin options and posts.
References
Configurations
History
22 Oct 2024, 16:28
Type | Values Removed | Values Added |
---|---|---|
First Time |
Newsignature wp Easy Post Types
Newsignature |
|
Summary |
|
|
References | () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L111 - Product | |
References | () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L112 - Product | |
References | () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L113 - Product | |
References | () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L114 - Product | |
References | () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L115 - Product | |
References | () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L116 - Product | |
References | () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L117 - Product | |
References | () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L118 - Product | |
References | () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L119 - Product | |
References | () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L120 - Product | |
References | () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L121 - Product | |
References | () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L122 - Product | |
References | () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L123 - Product | |
References | () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L124 - Product | |
References | () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L125 - Product | |
References | () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L126 - Product | |
References | () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L127 - Product | |
References | () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L128 - Product | |
References | () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L129 - Product | |
References | () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L130 - Product | |
References | () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L131 - Product | |
References | () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L132 - Product | |
References | () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L133 - Product | |
References | () https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L134 - Product | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/d12c4b1c-23d0-430f-a6ea-0a3ab487ed10?source=cve - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
CPE | cpe:2.3:a:newsignature:wp_easy_post_types:*:*:*:*:*:wordpress:*:* |
18 Oct 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-18 08:15
Updated : 2024-10-22 16:28
NVD link : CVE-2024-10078
Mitre link : CVE-2024-10078
CVE.ORG link : CVE-2024-10078
JSON object : View
Products Affected
newsignature
- wp_easy_post_types
CWE
CWE-862
Missing Authorization