CVE-2024-54384

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Dec 16, 2024

CWE ID 862

Summary

CVE-2024-54384 is a Missing Authorization vulnerability affecting the Falcon – WordPress Optimizations & Tweaks plugin. The flaw enables unauthorized access to functionality, exploiting incorrectly configured access control security levels. This issue poses a risk to WordPress sites using the Falcon plugin versions from n/a to 2.8.3. Unauthorized users may gain privileged access, potentially leading to data theft or website manipulation. Users are advised to update to the latest plugin version and secure their access control settings.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/1KKky8
https://www.cve.org/CVERecord?id=CVE-2024-54384
https://nvd.nist.gov/vuln/detail/CVE-2024-54384

Back to Vulnerability Database

CVE-2024-54384

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations