CVE-2024-10520

Summary

CVE-2024-10520 is a vulnerability affecting the WP Project Manager plugin for WordPress in version 2.6.14. The issue lies in the missing capability checks in the 'check' method of the 'Create_Milestone', 'Create_Task_List', 'Create_Task', and 'Delete_Task' classes. This vulnerability allows unauthenticated attackers to manipulate project data by creating milestones, task lists, tasks, or deleting tasks at will. Notably, version 2.6.14 introduced a partial fix for this vulnerability. However, the full extent of the issue remains unaddressed, making it crucial for WordPress users to update to a secure version as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.