CVE-2024-6799

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jul 19, 2024
CWE ID 862

Summary

CVE-2024-6799 is a missing-authorization vulnerability in the YITH Essential Kit for WooCommerce #1 plugin for WordPress. It allows authenticated attackers with Subscriber-level access and above to modify data without authorization. Specifically, the 'activate_module', 'deactivate_module', and 'install_module' functions lack capability checks, so such attackers can install, activate, and deactivate plugins from a pre-defined list of available YITH plugins. This poses a significant risk to WordPress sites using this plugin, particularly those running versions up to and including 2.34.0. Update the plugin to the latest version as soon as possible to mitigate this vulnerability.
