CVE-2024-11709
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Dec 12, 2024
CWE ID 862
Summary
CVE-2024-11709: A critical vulnerability affects the AI Post Generator | AutoWriter plugin for WordPress. This issue stems from a missing capability check on the "ai_post_generator_delete_Post" AJAX action in all plugin versions up to 3.5. Consequently, authenticated attackers, including those with Contributor-level access and above, can arbitrarily delete pages and posts within WordPress sites, posing a significant security risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share