CVE-2024-9706

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Dec 6, 2024
CWE ID 862

Summary

CVE-2024-9706 is a vulnerability affecting the Ultimate Coming Soon & Maintenance plugin for WordPress. This issue stems from a missing capability check on the ucsm_activate_lite_template_lite function, which is present in all versions up to 1.0.9. Consequently, unauthenticated attackers can manipulate the template used for the coming soon/maintenance page, posing a potential risk to website data integrity. This vulnerability requires immediate attention, and users are advised to update the plugin to a patched version as soon as possible.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share