Lucene search
K

4 matches found

NVD
NVD
added 2024/04/30 3:15 a.m.14 views

CVE-2024-1371

The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lcpublicapiproxy function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts...

6.5CVSS6.7AI score0.00587EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/04/30 2:35 a.m.15 views

CVE-2024-1371

The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lcpublicapiproxy function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts...

6.5CVSS7.1AI score0.00587EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/04/30 12:0 a.m.10 views

WordPress LeadConnector Plugin <= 1.7 is vulnerable to Broken Access Control

Software LeadConnector Type Plugin Vulnerable versions = 1.7 Fixed in 1.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1371 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2445a52c5c7c Credits Krzysztof Zając Required...

6.5CVSS6.4AI score0.00587EPSS
Exploits0References3Affected Software1
Wordfence Blog
Wordfence Blog
added 2024/04/29 3:4 p.m.24 views

$197 Bounty Awarded for Unauthenticated Arbitrary Post Deletion Vulnerability Patched in LeadConnector WordPress Plugin

🎉 Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 8th, 2024, during our Bug Bounty Extravaganza, we...

6.4CVSS7.3AI score0.00587EPSS
Exploits0
Rows per page
Query Builder