CVE-2024-11844
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Dec 3, 2024
CWE ID 862
Summary
CVE-2024-11844: The IdeaPush plugin for WordPress, affecting versions up to 8.71, contains a vulnerability where the idea_push_taxonomy_save_routine function lacks proper capability checks. This issue allows authenticated attackers, with Subscriber-level access and higher, to delete terms within the "boards" taxonomy, leading to unauthorized modification of plugin data.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- IdeaPush Plugin
Affected Vendors
- WordPress