CVE-2024-10536

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jan 7, 2025
CWE ID 862

Summary

CVE-2024-10536: The FancyPost plugin for WordPress, used for creating posts, blocks, grids, and carousels with Gutenberg and Elementor, contains a vulnerability where the handle_block_shortcode_export() function lacks proper capability checks. This issue grants authenticated attackers with Subscriber-level access and above the ability to export shortcodes, potentially exposing sensitive data.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share