4 matches found
CVE-2024-1371
The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lcpublicapiproxy function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts...
CVE-2024-1371
The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lcpublicapiproxy function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts...
WordPress LeadConnector Plugin <= 1.7 is vulnerable to Broken Access Control
Software LeadConnector Type Plugin Vulnerable versions = 1.7 Fixed in 1.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1371 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2445a52c5c7c Credits Krzysztof Zając Required...
$197 Bounty Awarded for Unauthenticated Arbitrary Post Deletion Vulnerability Patched in LeadConnector WordPress Plugin
🎉 Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 8th, 2024, during our Bug Bounty Extravaganza, we...