Data Modification Vulnerability in GS Insever Portfolio Plugin for WordPress
CVE-2024-12249

4.3MEDIUM

Key Information:

Vendor
Wordpress
Status
Gs Insever Portfolio
Vendor
CVE Published:
9 January 2025

Summary

The GS Insever Portfolio plugin for WordPress has a security flaw that allows authenticated attackers, with subscriber-level access and above, to alter the plugin's CSS settings. This issue arises from a missing capability check in the save_settings() function, compromising the integrity of the website's presentation. Affected versions include all up to 1.4.5. It is crucial for users of this plugin to apply available updates to mitigate this vulnerability.

Affected Version(s)

GS Insever Portfolio * <= 1.4.5

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/gs-instagram-p...
https://plugins.trac.wordpress.org/browser/gs-instagram-p...

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Peter Thaleikis
.