CVE-2024-12249 in GS Insever Portfolio Plugininformazioni

Riassunto

di MITRE • 09/01/2025

The GS Insever Portfolio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings() function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's CSS settings.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Prenotare

05/12/2024

Divulgazione

09/01/2025

Moderazione

accettato

CPE

pronto

EPSS

0.00330

KEV

no

Attività

molto basso

Fonti

Do you know our Splunk app?

Download it now for free!