Unauthorized Data Loss Due to Missing Capability Check in Classified Listing Plugin
CVE-2024-3893
4.3MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 25 April 2024
What is CVE-2024-3893?
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the rtcl_fb_gallery_image_delete AJAX action in all versions up to, and including, 3.0.10.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary attachements.
Affected Version(s)
Classified Listing – Classified ads & Business Directory Plugin * <= 3.0.10.3