CVE-2024-12559
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Jan 7, 2025
CWE ID 862
Summary
CVE-2024-12559: The ClickDesigns plugin for WordPress contains a vulnerability that allows unauthenticated attackers to modify or remove the plugin's API key. This issue arises due to a missing capability check on the 'clickdesigns_add_api' and 'clickdesigns_remove_api' functions, impacting all versions up to 1.8.0. Successful exploitation of this vulnerability could lead to unauthorized access and manipulation of plugin data. Organizations using the ClickDesigns plugin are advised to update to the latest version as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- ClickDesigns
Affected Vendors
- WordPress