WordPress Product Designer plugin <= 1.0.33 - Arbitrary Content Deletion vulnerability
CVE-2024-38726
7.5HIGH
What is CVE-2024-38726?
The vulnerability in PickPlugins Product Designer stems from missing authorization checks, allowing unauthorized users to access functionalities that should be restricted according to Access Control Lists (ACLs). This oversight can enable attackers to exploit these functionalities without proper permissions, potentially leading to unauthorized modifications and data exposure. The issue affects multiple versions of the Product Designer, specifically from n/a through 1.0.33, necessitating immediate attention to mitigate the risks associated with this vulnerability.
Affected Version(s)
Product Designer <= 1.0.33