Descrição
The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the ‘install_required_plugin_callback’ function in all versions up to, and including, 4.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
Software
Não informado
Tipo Software
Plugin
CVE
CVE-2024-10728
Tags
Nâo informado
Data de publicação
16/11/2024
Última atualização
19/11/2024
Pontuação em CVSS 3.0
8.8
Alto