Unauthorized Modification of Data Vulnerability in Frontend Post Submission Manager Lite plugin
CVE-2024-8427
4.3MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 6 September 2024
What is CVE-2024-8427?
The Frontend Post Submission Manager Lite plugin for WordPress is susceptible to unauthorized data modification due to inadequate capability checks in the save_global_settings and process_form_edit functions. This vulnerability affects all versions up to and including 1.2.2, enabling authenticated users with Subscriber-level access and above to alter the plugin's settings and forms without proper authorization. Such a flaw could lead to potential misuse of the plugin, making it imperative for website administrators to take prompt action to secure their installations.
Affected Version(s)
Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin * <= 1.2.2