CVE-2024-12155

Name of the Vulnerable Software and Affected Versions SV100 Companion plugin for WordPress versions up to, and including, 2.0.02

Description The issue allows unauthorized modification of data, leading to privilege escalation due to a missing capability check on the settings import() function. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site, potentially enabling user registration and gaining administrative user access to a vulnerable site.

Recommendations For versions up to, and including, 2.0.02, update to a version that includes a fix for this issue. As a temporary workaround, consider disabling the settings import() function until a patch is available. Restrict access to the WordPress site to minimize the risk of exploitation.