CVE-2024-3237
Severity:
MEDIUM
Type:
Unavailable / Other
Publication date:
04/05/2024
Last modified:
06/05/2024
Description
The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary option values to true.
Impact
Base Score 3.x
5.40
Severity 3.x
MEDIUM