CVE-2024-12176

Name of the Vulnerable Software and Affected Versions WordLift – AI powered SEO – Schema plugin for WordPress versions prior to 3.54.0

Description The issue arises from a missing capability check on the 'wl config plugin' AJAX action, allowing unauthenticated attackers to update the plugin's settings. This enables unauthorized access to the plugin's configuration.

Recommendations For versions prior to 3.54.0, update to version 3.54.0 or later to resolve the issue. As a temporary workaround, consider disabling the 'wl config plugin' AJAX action until a patch is available. Restrict access to the plugin's settings to minimize the risk of exploitation.