CVE-2024-9705

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Dec 6, 2024
CWE ID 862

Summary

CVE-2024-9705 is a vulnerability affecting the Ultimate Coming Soon & Maintenance plugin for WordPress. This issue allows authenticated attackers with Subscriber-level access or higher to unauthorizedly modify data. Specifically, the 'ucsm_update_template_name_lite' function in all versions up to 1.0.9 fails to implement proper capability checks, making it possible for attackers to alter the plugin's templates. This poses a security risk, as the modified templates could potentially be used for malicious purposes. Users are advised to update the plugin to the latest version to mitigate this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share