CVE-2024-0710

Name of the Vulnerable Software and Affected Versions GP Unique ID plugin for WordPress versions up to, and including, 1.5.5

Description The issue is due to insufficient input validation, allowing unauthenticated attackers to tamper with the generation of a unique ID on a form submission and replace the generated unique ID with a user-controlled one. This leads to a loss of integrity in cases where the ID's uniqueness is relied upon in a security-specific context.

Recommendations For versions up to, and including, 1.5.5, update to a version later than 1.5.5 to resolve the issue. As a temporary workaround, consider restricting access to form submissions to minimize the risk of exploitation. Avoid using the unique ID generated by the plugin in security-specific contexts until the issue is resolved.