Description
The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_callback_delete_attachment function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with subscriber access or higher, to delete arbitrary media uploads.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| pluginsware | Advanced Classifieds & Directory Pro | unaffected |
|
No data.
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2024-27178 | The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_callback_delete_attachment function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with subscriber access or higher, to delete arbitrary media uploads. |
References
History
No history.
Subscriptions
No data.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2024-08-01T19:03:39.184Z
Reserved: 2024-03-06T14:33:57.508Z
Link: CVE-2024-2222
Vulnrichment
Updated: 2024-08-01T19:03:39.184Z
NVD
Status : Awaiting Analysis
Published: 2024-04-09T19:15:30.153
Modified: 2024-11-21T09:09:17.447
Link: CVE-2024-2222
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses
No weakness.