CVE-2024-13370

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 25, 2025
Updated: Feb 4, 2025
CWE ID 862

Summary

CVE-2024-13370 is a vulnerability affecting the Youzify plugin for WordPress. This issue allows authenticated attackers, even those with Subscriber-level access or higher, to manipulate arbitrary options by bypassing a missing capability check on the save_addon_key_license() function. Versions of the plugin up to and including 1.3.2 are vulnerable to this unauthorized access, potentially exposing sensitive information or allowing further system compromise.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share