First published: Fri May 24 2024(Updated: )
The Event post plugin for WordPress is vulnerable to unauthorized bulk metadata update due to a missing capability check on the save_bulkdatas function in all versions up to, and including, 5.9.4. This makes it possible for authenticated attackers, with subscriber access or higher, to update post_meta_data.
Credit: security@wordfence.com
Affected Software | Affected Version | How to fix |
---|---|---|
WordPress Event Post | <=5.9.4 | |
Avecnous Event Post | <5.9.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-1376 has a medium severity level due to the potential for unauthorized bulk metadata updates.
To mitigate CVE-2024-1376, update the Event post plugin for WordPress to the latest version or ensure proper capability checks are implemented.
CVE-2024-1376 affects users of the Event post plugin for WordPress up to and including version 5.9.4.
Authenticated attackers with subscriber access or higher can exploit CVE-2024-1376 to perform unauthorized bulk updates.
CVE-2024-1376 is specifically present in the Event post plugin for WordPress versions up to and including 5.9.4.