The WP Easy Post Types plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 1.4.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete plugin options and posts.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

References
Link Providers
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L111
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L112
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L113
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L114
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L115
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L116
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L117
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L118
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L119
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L120
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L121
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L122
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L123
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L124
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L125
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L126
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L127
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L128
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L129
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L130
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L131
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L132
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L133
https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L134
https://www.wordfence.com/threat-intel/vulnerabilities/id/d12c4b1c-23d0-430f-a6ea-0a3ab487ed10?source=cve
History

Mon, 14 Jul 2025 13:45:00 +0000

Type: Metrics
Values Removed: epss {'score': 0.00192}
Values Added: epss {'score': 0.00197}


Tue, 22 Oct 2024 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Newsignature
Newsignature wp Easy Post Types
CPEs cpe:2.3:a:newsignature:wp_easy_post_types:*:*:*:*:*:wordpress:*:*
Vendors & Products Newsignature
Newsignature wp Easy Post Types

Fri, 18 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Wp Easy Post Types Project
Wp Easy Post Types Project wp Easy Post Types
CPEs cpe:2.3:a:wp_easy_post_types_project:wp_easy_post_types:*:-:-:*:-:wordpress:*:*
Vendors & Products Wp Easy Post Types Project
Wp Easy Post Types Project wp Easy Post Types
Metrics ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 18 Oct 2024 07:45:00 +0000

Type Values Removed Values Added
Description The WP Easy Post Types plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 1.4.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete plugin options and posts.
Title WP Easy Post Types <= 1.4.4 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions
Weaknesses CWE-862
References
Metrics cvssV3_1 {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2024-10-18T14:39:32.687Z

Reserved: 2024-10-17T11:54:40.466Z

Link: CVE-2024-10078

Vulnrichment

Updated: 2024-10-18T14:39:26.506Z

NVD

Status: Analyzed

Published: 2024-10-18T08:15:04.060

Modified: 2024-10-22T16:28:26.113

Link: CVE-2024-10078

Redhat

No data.

OpenCVE Enrichment

No data.