CVE-2024-3237 in ConvertPlug Plugin
요약
\~에 의해 MITRE • 2024. 05. 04.
The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary option values to true.
If you want to get best quality of vulnerability data, you may have to visit VulDB.