Unauthorized Access to Post Meta and Plugin Options in Social Auto Poster Plugin

CVE-2024-6750

7.5HIGH

Key Information

Vendor: Social Auto Poster
Status: Social Auto Poster
Vendor: CVE Published:; 24 July 2024

Summary

The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to add, modify, or delete post meta and plugin options.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jul 24, 2024

Collectors

NVD Database