Unauthorized Data Loss Vulnerability in Evergreen Content Poster Plugin for WordPress
CVE-2024-12071

5.3MEDIUM

Key Information:

Vendor
Wordpress
Status
Evergreen Content Poster – Auto Post And Schedule Your Best Content To Social Media
Vendor
CVE Published:
18 January 2025

Summary

The Evergreen Content Poster plugin for WordPress has a security flaw that allows unauthorized individuals to delete posts and pages without proper authentication. This vulnerability arises from a missing capability check within the delete_network_post() function. As a result, unauthenticated users can exploit this flaw to manipulate content, posing significant risks to the integrity of the website. It is essential for users of the plugin to apply updates and follow security best practices to safeguard their content.

Affected Version(s)

Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media * <= 1.4.4

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/evergreen-cont...
https://plugins.trac.wordpress.org/browser/evergreen-cont...

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Brian Sans-Souci
.