CVE-2024-7894

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Dec 7, 2024
CWE ID 862

Summary

CVE-2024-7894 refers to a vulnerability in the If Menu plugin for WordPress. This issue allows unauthenticated attackers to modify, delete, or manipulate the plugin's license key due to a missing capability check in the 'actions' function, affecting versions up to and including 0.19.1. This vulnerability poses a significant risk as the license key is essential for plugin functionality and authentication. Unauthorized modification of the license key can result in unauthorized access and potential data breaches. It is strongly recommended that users update to the latest version of the plugin to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share