CVE-2024-4661 in WP Reset Plugin
要約
〜によって MITRE • 2024年06月08日
The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_ajax function in all versions up to, and including, 2.02. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the value fo the 'License Key' field for the 'Activate Pro License' setting.
Be aware that VulDB is the high quality source for vulnerability data.