Data Modification Vulnerability in Team Builder Plugin for WordPress
CVE-2024-13687

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Team Builder – Meet The Team
Vendor: CVE Published:; 18 February 2025

What is CVE-2024-13687?

The Team Builder plugin for WordPress contains a vulnerability allowing authenticated users with Subscriber-level access and above to perform unauthorized modifications to plugin settings. This issue arises from a missing capability check in the save_team_builder_options() function, affecting all versions up to and including 1.3. It highlights the importance of proper access controls to safeguard against potential data manipulation by lower-privileged users.

Affected Version(s)

Team Builder – Meet the Team * <= 1.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/team-display/t...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 18, 2025
Vulnerability Reserved
Jan 23, 2025

Credit

Peter Thaleikis

JSON