Unauthorized Modification and Data Loss Vulnerability in The Wheel of Life Coaching and Assessment Tool

CVE-2024-3627

5.4MEDIUM

Key Information

Vendor: Kraftplugins
Status: Wheel Of Life: Coaching And Assessment Tool For Life Coach
Vendor: CVE Published:; 20 June 2024

Summary

The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the AjaxFunctions.php file in all versions up to, and including, 1.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts and modify settings.

Affected Version(s)

Wheel of Life: Coaching and Assessment Tool for Life Coach <= 1.1.7

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jun 20, 2024
Disclosed
Jun 19, 2024
Vulnerability Reserved.
Apr 10, 2024

Collectors

NVD DatabaseMitre Database

Credit

Lucio Sá