Unauthorized Modification of Data in Testimonial Carousel Plugin for WordPress Due to Missing Capability Check
CVE-2024-4858
5.3MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 25 May 2024
What is CVE-2024-4858?
The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to update the OpenAI API key, disabling the feature.
Affected Version(s)
Testimonial Carousel For Elementor * <= 10.2.0