CVE-2024-11844

Name of the Vulnerable Software and Affected Versions IdeaPush plugin for WordPress versions up to, and including, 8.71

Description The issue concerns a lack of capability check in the idea push taxonomy save routine function, allowing authenticated attackers with Subscriber-level access and above to delete terms for the "boards" taxonomy. This enables unauthorized modification of data.

Recommendations For versions up to, and including, 8.71, update to a version that includes a fix for this issue, as the current version allows authenticated attackers to modify data without proper authorization. At the moment, there is no information about a newer version that contains a fix for this vulnerability.