The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_payment' function in all versions up to, and including, 16.26.6. This makes it possible for unauthenticated attackers to delete arbitrary payments.
References
Link | Resource |
---|---|
https://wordpress.org/plugins/wp-recall/ | Product |
https://www.wordfence.com/threat-intel/vulnerabilities/id/6b84b13a-b46c-48fc-a7a8-de32c575d576?source=cve | Third Party Advisory |
Configurations
History
24 Jul 2024, 20:32
Type | Values Removed | Values Added |
---|---|---|
References | () https://wordpress.org/plugins/wp-recall/ - Product | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/6b84b13a-b46c-48fc-a7a8-de32c575d576?source=cve - Third Party Advisory | |
CWE | CWE-862 | |
First Time |
Plechevandrey
Plechevandrey wp-recall |
|
CPE | cpe:2.3:a:plechevandrey:wp-recall:*:*:*:*:*:wordpress:*:* |
06 Jun 2024, 14:17
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
06 Jun 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-06 04:15
Updated : 2024-07-24 20:32
NVD link : CVE-2024-1175
Mitre link : CVE-2024-1175
CVE.ORG link : CVE-2024-1175
JSON object : View
Products Affected
plechevandrey
- wp-recall
CWE
CWE-862
Missing Authorization