CVE-2024-10664

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Dec 4, 2024
CWE ID 862

Summary

CVE-2024-10664 is a vulnerability affecting the BasePress Docs plugin for WordPress. This issue allows authenticated attackers, even those with Subscriber-level access, to unauthorizedly modify data. The root cause is a missing capability check in the basepress_db_posts_update() function, which is present in all versions up to 2.16.3.3. Consequently, attackers can manipulate the database, posing a potential security threat to websites using the vulnerable plugin.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share