CVE-2024-13643

Summary

CVE-2024-13643 is a vulnerability affecting the Zox News plugin for WordPress. This issue allows authenticated attackers, with Subscriber-level access and above, to manipulate arbitrary option values on vulnerable sites. The impact of this vulnerability can result in privilege escalation, enabling attackers to become administrators, or denial of service conditions due to critical option deletions. The backup_options() and reset_options() functions in all versions up to 3.17.0 are the culprits, as they lack proper capability checks. Attackers can exploit this to disrupt the functionality of the site and cause errors for legitimate users.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.