Unauthorized Payment Data Deletion Vulnerability in WP-Recall Plugin
CVE-2024-1175
5.3MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 6 June 2024
What is CVE-2024-1175?
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_payment' function in all versions up to, and including, 16.26.6. This makes it possible for unauthenticated attackers to delete arbitrary payments.
Affected Version(s)
WP-Recall – Registration, Profile, Commerce & More * <= 16.26.6