CVE-2024-9705
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-9705 is a vulnerability affecting the Ultimate Coming Soon & Maintenance plugin for WordPress. This issue allows authenticated attackers with Subscriber-level access or higher to unauthorizedly modify data. Specifically, the 'ucsm_update_template_name_lite' function in all versions up to 1.0.9 fails to implement proper capability checks, making it possible for attackers to alter the plugin's templates. This poses a security risk, as the modified templates could potentially be used for malicious purposes. Users are advised to update the plugin to the latest version to mitigate this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.