CVE-2024-1641

Name of the Vulnerable Software and Affected Versions Accordion plugin for WordPress versions up to and including 2.2.96

Description The issue allows authenticated attackers with contributor access and above to access and modify data due to a missing capability check on the accordions duplicate post as draft function. This enables them to duplicate arbitrary posts, including accessing the contents of password-protected posts.

Recommendations For Accordion plugin for WordPress versions up to and including 2.2.96, update to a version higher than 2.2.96 to resolve the issue. As a temporary workaround, consider restricting contributor access to minimize the risk of exploitation.