CVE-2024-11690

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jan 7, 2025
CWE ID 79

Summary

CVE-2024-11496 is a vulnerability affecting the Infility Global plugin for WordPress. The issue lies within the infility_global_ajax function, which lacks proper capability checks. This flaw allows authenticated attackers, with Subscriber-level access or higher, to manipulate plugin options, potentially resulting in site malfunction. Versions up to and including 2.9.8 are reportedly vulnerable.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share