First published: Tue Oct 01 2024(Updated: )
The Spice Starter Sites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the spice_starter_sites_importer_creater function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to import demo content.
Credit: security@wordfence.com
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.