Unauthorized Attachment Deletion Vulnerability in Product Designer Plugin for WordPress
CVE-2024-3608
5.3MEDIUM
What is CVE-2024-3608?
The Product Designer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the product_designer_ajax_delete_attach_id() function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to delete arbitrary attachments.
Affected Version(s)
Product Designer * <= 1.0.33