PT-2024-15875 · WordPress · Check & Log Email

Sean Murphy · Published 2024-03-25 · Updated 2024-03-26 · CVE-2024-0866

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Check & Log Email plugin for WordPress, versions up to and including 1.0.9

Description
The plugin's check nonce handler verifies a WordPress nonce for a requested action and then runs that action's hooks without checking whether the requester holds any capability. An unauthenticated attacker who knows a valid nonce for a target action can therefore trigger that action through the plugin, and every callback attached to the hook runs. Two conditions must hold: the target action must be one gated only by a nonce check, and the nonce must be known to the attacker. The missing capability check is what turns a nonce check into an authorization bypass: WordPress nonces are a CSRF mitigation and do not establish who the requester is or what they are allowed to do. Because WordPress ties a nonce to the user ID and session token (user ID 0 and an empty token for logged-out visitors), the nonce must be one that is valid in the attacker's own context, for example one minted for logged-out visitors and exposed on a page the attacker can read; a nonce copied from an administrator's session will not verify for an unauthenticated request. This precondition is why the CVSS vector carries AC:H despite the unauthenticated, network-reachable entry point.

Recommendations
For versions up to and including 1.0.9, update to the release that fixes the unauthenticated hook injection. If updating is not immediately possible, disable or unhook the plugin's check nonce handler as a temporary workaround. Independently of the plugin, restrict any sensitive action that is currently gated only by a nonce to users holding the appropriate capability (a current_user_can check before the action runs), since a nonce alone never authorizes a request.
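The following is an added example, not code from the Check & Log Email plugin or from this advisory's author. It reconstructs the class of bug described above as a minimal WordPress snippet and places a hardened handler next to it. The request parameter names (`demo-action`, `demo-nonce`), the `demo_` hook names, the allowlist contents and the capability names are assumptions chosen for the demonstration.

```php
<?php
/**
 * Added example (not the plugin's own code): an illustrative reconstruction of
 * a nonce-only dispatcher beside a hardened version. Parameter names, hook
 * names, the allowlist and the capabilities are assumptions for this demo.
 */

// --- Vulnerable pattern: nonce check only ----------------------------------
// admin_init also fires for wp-admin/admin-ajax.php, which logged-out
// visitors can reach, so this handler is reachable unauthenticated.
add_action( 'admin_init', 'demo_check_nonce_vulnerable' );

function demo_check_nonce_vulnerable() {
	if ( ! isset( $_POST['demo-action'], $_POST['demo-nonce'] ) ) {
		return;
	}
	$action = sanitize_text_field( wp_unslash( $_POST['demo-action'] ) );
	$nonce  = sanitize_text_field( wp_unslash( $_POST['demo-nonce'] ) );

	// wp_verify_nonce() only proves the token was minted for this action name
	// in the requester's context (user ID 0 and an empty session token for a
	// logged-out visitor). It says nothing about what the requester may do.
	if ( ! wp_verify_nonce( $nonce, $action ) ) {
		return;
	}

	// The requester chooses $action, so any hook whose nonce they hold can be
	// fired, and every callback attached to that hook executes.
	do_action( $action );
}

// --- Hardened pattern: allowlist + capability check before the nonce --------
add_action( 'admin_init', 'demo_check_nonce_hardened' );

function demo_allowed_actions() {
	// Explicit allowlist of hooks this handler may dispatch, each mapped to
	// the capability required to trigger it (names are assumptions).
	return array(
		'demo_delete_logs' => 'manage_options',
		'demo_export_logs' => 'manage_options',
	);
}

function demo_check_nonce_hardened() {
	if ( ! isset( $_POST['demo-action'], $_POST['demo-nonce'] ) ) {
		return;
	}
	$action = sanitize_key( wp_unslash( $_POST['demo-action'] ) );
	$nonce  = sanitize_text_field( wp_unslash( $_POST['demo-nonce'] ) );

	$allowed = demo_allowed_actions();
	if ( ! isset( $allowed[ $action ] ) ) {
		return; // Unknown hook name: never dispatch attacker-chosen actions.
	}

	// Authorization first. A logged-out request fails every capability check,
	// so a leaked logged-out nonce is no longer sufficient.
	if ( ! is_user_logged_in() || ! current_user_can( $allowed[ $action ] ) ) {
		wp_die( esc_html__( 'You are not allowed to do this.', 'demo' ), 403 );
	}

	// CSRF protection second: the nonce must match this specific action.
	if ( ! wp_verify_nonce( $nonce, $action ) ) {
		wp_die( esc_html__( 'Invalid request token.', 'demo' ), 403 );
	}

	do_action( $action );
}
```

The ordering in the hardened handler matters: the capability check answers "may this user do this at all", and only then does the nonce answer "did this user intend this request". Keeping the dispatchable hooks in a fixed allowlist removes the attacker's control over the action name entirely, so even a future leak of a nonce for some unrelated hook cannot be routed through this handler.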

Weakness Enumeration

Code Injection

Related Identifiers

CVE-2024-0866

Affected Products

Check & Log Email