CVE-2024-10536
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Jan 7, 2025
CWE ID 862
Summary
CVE-2024-10536: The FancyPost plugin for WordPress, used for creating posts, blocks, grids, and carousels with Gutenberg and Elementor, contains a vulnerability where the handle_block_shortcode_export() function lacks proper capability checks. This issue grants authenticated attackers with Subscriber-level access and above the ability to export shortcodes, potentially exposing sensitive data.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share