CVE-2024-0829

Summary

CVE-2024-0829 is a vulnerability found in the Comments Extra Fields For Post, Pages, and CPT plugin for WordPress. This vulnerability affects all versions up to and including 5.0. The issue arises from missing or incorrect capability checks on several ajax actions, which allows authenticated attackers with subscriber access or higher privileges to exploit these actions. As a result, attackers can modify comment form fields and update plugin settings. The risk score for this vulnerability is 5, indicating a medium severity level. No changes have been made to the rating provided by [email protected], which states that the exploitability score is 2.8 out of 10. The base severity score is categorized as medium at 4.3 out of 10. The privileges required for exploitation are low, with no user interaction required, and the attack vector is through the network. The impact on integrity is low, and there is no impact on confidentiality. The attack complexity is low, and there is no availability impact identified. Remediation steps or further analysis are not provided in the information available.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.