CVE-2024-10532

Name of the Vulnerable Software and Affected Versions The Bard Extra plugin for WordPress versions prior to 1.2.8

Description The issue allows authenticated attackers with subscriber-level access and above to import demo data due to a missing capability check on the bardxtra import xml() function. This enables unauthorized modification of data.

Recommendations For versions prior to 1.2.8, update to version 1.2.8 or later to resolve the issue. As a temporary workaround, consider disabling the bardxtra import xml() function until a patch is available. Restrict access to the import functionality to minimize the risk of exploitation.