#VU103483 Missing Authorization in Evergreen Content Poster Plugin by User Growth - CVE-2024-12071
Published: January 31, 2025
Vulnerability identifier: #VU103483
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-12071
CWE-ID: CWE-862
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Evergreen Content Poster Plugin by User Growth
Software vendor: User Growth
Description
The vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists due to a missing capability check on the delete_network_post() function. A remote attacker can delete arbitrary posts and pages.
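An added example of this class of flaw (CWE-862) in a WordPress AJAX handler, showing the unchecked form beside a hardened one. It is not the plugin's own code: the action name, the `nonce` and `post_id` request fields, and both function names are hypothetical.

```php
<?php
// Added illustration. Hook, action, field and function names are hypothetical
// and are not taken from the Evergreen Content Poster plugin.

// BEFORE (CWE-862): the handler acts for any caller that reaches it.
function example_delete_post_unchecked() {
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    wp_delete_post( $post_id, true ); // no nonce check, no capability check
    wp_send_json_success();
}

// AFTER: verify request intent (nonce) and authorization (capability) first.
function example_delete_post_checked() {
    // Ends the request unless a valid nonce for this action is supplied.
    check_ajax_referer( 'example_delete_post', 'nonce' );

    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    if ( ! $post_id || ! get_post( $post_id ) ) {
        wp_send_json_error( array( 'message' => 'Unknown post.' ), 404 );
    }

    // 'delete_post' is a meta capability: WordPress maps it to the primitive
    // capability required for this specific post or page and this user.
    if ( ! current_user_can( 'delete_post', $post_id ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden.' ), 403 );
    }

    // false = posts and pages are moved to the trash instead of being purged.
    if ( ! wp_delete_post( $post_id, false ) ) {
        wp_send_json_error( array( 'message' => 'Delete failed.' ), 500 );
    }
    wp_send_json_success( array( 'deleted' => $post_id ) );
}

// Register for logged-in users only: no wp_ajax_nopriv_ counterpart.
add_action( 'wp_ajax_example_delete_post', 'example_delete_post_checked' );
```

The nonce and the capability check cover different things: the nonce ties the request to a page the user loaded, while `current_user_can()` decides whether that user may delete the object at all.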
Remediation
Install updates from the vendor's website.
External links
- https://plugins.trac.wordpress.org/browser/evergreen-content-poster/trunk/admin/class-evergreen_content_poster-admin.php#L333
- https://plugins.trac.wordpress.org/browser/evergreen-content-poster/trunk/includes/class-evergreen_content_poster.php#L345
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3224190%40evergreen-content-poster&new=3224190%40evergreen-content-poster&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/aa07f48f-370f-4985-a6fc-a94ed5c59ed4?source=cve