CVE-2024-13715

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jan 30, 2025

CWE ID 862

Summary

CVE-2024-13715 is a vulnerability affecting the zStore Manager Basic plugin for WordPress. This issue allows authenticated attackers with Subscriber-level access or higher to clear the plugin's cache without the necessary capability checks. Consequently, unauthorized loss of data can occur due to this missing functionality. Versions of the plugin up to and including 3.311 are vulnerable to this exploit. It is essential for WordPress users to update the zStore Manager Basic plugin to a secure version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2wXfXy
https://www.cve.org/CVERecord?id=CVE-2024-13715
https://nvd.nist.gov/vuln/detail/CVE-2024-13715

Back to Vulnerability Database

CVE-2024-13715

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations