CVE-2024-13692
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2024-13692 is a vulnerability affecting the Return Management System plugin for WordPress, versions 4.4.5 and below. It stems from a lack of validation on user-controlled keys, which lets unauthenticated attackers abuse several of the plugin's functions. Attackers can overwrite attached refund images, refund request messages, and order messages, and can read the messages of other users. This exposes sensitive information and allows unauthorized modifications. Users of the RMA Exchange, Wallet, and Cancel Order Features plugin should update to the latest version to mitigate this threat.
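The missing check described in the summary, as an added example that is not the plugin's code: a small Python model (the plugin itself is PHP) in which the four listed operations run through either an unchecked lookup or one that requires a logged-in owner, with an authorization matrix that reports which non-owner calls succeed. All names, order numbers and sample data are constructed for illustration.

```python
import copy
from dataclasses import dataclass

@dataclass
class Order:
    owner_id: int
    refund_message: str
    refund_image: str
    messages: list

# Constructed sample data: two orders owned by two different customers.
ORDERS = {
    101: Order(1, "size too small", "img-a.png", ["message from customer 1"]),
    102: Order(2, "wrong colour", "img-b.png", ["message from customer 2"]),
}

def lookup_unchecked(orders, user_id, order_id):
    """Flawed pattern: the user-controlled key alone selects the record."""
    return orders[int(order_id)]

def lookup_owned(orders, user_id, order_id):
    """Hardened pattern: require a logged-in caller who owns the order."""
    if user_id is None:
        raise PermissionError("login required")
    order = orders.get(int(order_id))
    if order is None or order.owner_id != user_id:
        raise PermissionError("order not available")  # same reply for missing and foreign
    return order

def make_handlers(lookup):
    """The four operations the summary lists, all routed through one lookup."""
    return {
        "read_order_messages": lambda o, u, k: list(lookup(o, u, k).messages),
        "set_refund_message": lambda o, u, k: setattr(lookup(o, u, k), "refund_message", "changed"),
        "set_refund_image": lambda o, u, k: setattr(lookup(o, u, k), "refund_image", "changed.png"),
        "set_order_messages": lambda o, u, k: setattr(lookup(o, u, k), "messages", ["changed"]),
    }

def authorization_gaps(lookup, target_order=101):
    """(operation, caller) pairs where a caller who does not own the order got through."""
    gaps = []
    for name, handler in make_handlers(lookup).items():
        for caller in (None, 2):  # unauthenticated, then a different customer
            try:
                handler(copy.deepcopy(ORDERS), caller, target_order)
                gaps.append((name, caller))
            except PermissionError:
                pass
    return gaps
```

Running `authorization_gaps` against every handler that accepts an object key, with both an unauthenticated caller and a second account, is a regression test worth keeping after the update is applied.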