CVE-2024-1318

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Feb 29, 2024

Updated: Dec 31, 2024

CWE ID 79

Summary

CVE-2024-1318 is a vulnerability affecting the RSS Aggregator plugin for WordPress, specifically versions up to 4.4.2. This issue arises from a missing capability check on the 'feedzy_wizard_step_process' and 'import_status' functions. Consequently, authenticated attackers with Contributor access or higher can bypass the usual restriction to creating posts and publish posts with arbitrary content instead. This poses a significant risk to website security and data integrity.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Orbit Fox Plugin

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/2ReXlV
https://www.cve.org/CVERecord?id=CVE-2024-1318
https://nvd.nist.gov/vuln/detail/CVE-2024-1318

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2024-1318

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations