CVE-2024-1844

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Mar 20, 2024

Summary

CVE-2024-1844 is a vulnerability affecting the RevivePress – Keep your Old Content Evergreen plugin for WordPress. The issue lies in the missing capability check on the import_data and copy_data functions, present in all versions up to 1.5.6. Hackers with subscriber-level access or higher can exploit this flaw to overwrite plugin settings without proper authorization. Moreover, the vulnerability also enables unauthorized viewing of sensitive plugin data. This poses a significant risk to WordPress sites using this plugin, necessitating an immediate update to a patched version.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share