CVE-2024-12176
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Jan 7, 2025
CWE ID 862
Summary
CVE-2024-12176: A vulnerability rated medium (CVSS 3.1 score 5.3) affects the WordLift SEO plugin for WordPress in all versions up to 3.54.0. The 'wl_config_plugin' AJAX action is not protected by an effective capability check (CWE-862, Missing Authorization), so unauthenticated attackers can invoke it. Successful exploitation lets an attacker modify the plugin's settings. Patch immediately to protect WordPress sites from these unauthorized updates.