CVE-2024-12018
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Dec 12, 2024
CWE ID 862
Summary
CVE-2024-12018 is a vulnerability affecting the Snippet Shortcodes plugin for WordPress. In all versions up to 4.1.6, the plugin lacks proper authorization for shortcode deletion, making it possible for authenticated attackers with Subscriber-level access or higher to delete the plugin's Shortcodes. The vulnerability stems from an issue with a nonce, which is intended for authentication, but is leaked, allowing unauthorized deletion of the shortcodes.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share