Unauthorized Data Access in Spacer Plugin by WordPress
CVE-2024-10527

3.1LOW

Key Information:

Vendor: Wordpress
Status: Spacer
Vendor: CVE Published:; 7 January 2025

Summary

The Spacer plugin for WordPress is subject to a security concern that stems from a missing capability check in the motech_spacer_callback() function. This issue affects all versions of the plugin up to and including 3.0.7, allowing authenticated attackers with Subscriber-level access or higher to potentially access and view sensitive setting information. This vulnerability underscores the importance of proper access control mechanisms within WordPress plugins to protect user data.

Affected Version(s)

Spacer * <= 3.0.7

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/spacer/tags/3....

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 7, 2025
Vulnerability Reserved
Oct 30, 2024

Credit

Trương Hữu Phúc (truonghuuphuc)