CVE-2024-13740

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Feb 18, 2025

Updated: Feb 24, 2025

CWE ID 639

Summary

CVE-2024-13740: A vulnerability has been identified in the ProfileGrid plugin for WordPress, affecting versions up to 5.9.4.2. This issue involves an Insecure Direct Object Reference in the pm_messenger_show_messages function, where validation on a user-controlled key is missing. Consequently, authenticated attackers with Subscriber-level access or higher can exploit this vulnerability to access and read the private conversations of other users.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/20uXST
https://www.cve.org/CVERecord?id=CVE-2024-13740
https://nvd.nist.gov/vuln/detail/CVE-2024-13740

Back to Vulnerability Database

CVE-2024-13740

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations