CVE-2024-12249 in GS Insever Portfolio Plugininformação

Sumário

de MITRE • 09/01/2025

The GS Insever Portfolio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings() function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's CSS settings.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservar

05/12/2024

Divulgação

09/01/2025

Moderação

aceite

Entrada

VDB-290875

CPE

pronto

EPSS

0.00330

KEV

não

Atividades

muito baixo

Fontes

Do you know our Splunk app?

Download it now for free!