PT-2024-18213 · WordPress · Print Labels With Barcodes

Lucio Sá · Published 2024-05-02 · Updated 2025-06-05 · CVE-2024-1677

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

The Print Labels with Barcodes plugin for WordPress, versions up to and including 3.4.6.

Description

The issue allows unauthorized access to, modification of, and loss of data because of an improper capability check on 42 separate AJAX functions. Authenticated attackers with subscriber access or higher can fully control the plugin, including modifying settings and profiles, and creating, editing, retrieving, and deleting templates and barcodes.

Recommendations

Update the plugin to a version higher than 3.4.6 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's AJAX functions until a patch is available. Restrict accounts with subscriber access and above to minimize the risk of exploitation.
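
The capability check the description refers to, and the temporary restriction suggested above, sketched as an added example (not the plugin's code and not from this advisory). The action, nonce and option names are hypothetical, `manage_options` as the required capability is an assumption, and the placeholder action list has to be filled from the installed plugin's own `wp_ajax_` registrations.

```php
<?php
// Added illustration, not the plugin's code. Action, nonce and option names
// are hypothetical; manage_options as the required capability is an assumption.

// Before: wp_ajax_{action} fires for every logged-in user, subscribers
// included, so being logged in is the only condition this handler enforces.
add_action('wp_ajax_example_save_settings_unsafe', function () {
    update_option('example_label_settings', wp_unslash($_POST['settings'] ?? ''));
    wp_send_json_success();
});

// After: verify the nonce (request intent) and the capability (authorization)
// before any state is read or changed.
add_action('wp_ajax_example_save_settings', function () {
    // Third argument false: return false instead of dying, so the handler
    // chooses the response and status code itself.
    if (!check_ajax_referer('example_save_settings', 'nonce', false)) {
        wp_send_json_error(['message' => 'Invalid nonce'], 403);
    }
    if (!current_user_can('manage_options')) {
        wp_send_json_error(['message' => 'Forbidden'], 403);
    }
    $settings = sanitize_text_field(wp_unslash($_POST['settings'] ?? ''));
    update_option('example_label_settings', $settings);
    wp_send_json_success();
});

// Temporary guard for a site that cannot update yet, placed in a must-use
// plugin. Priority 0 runs before the plugin's own handler (default 10), and
// wp_send_json_error() ends the request, so that handler is never reached.
// The list entries are placeholders, not real action names.
foreach (['PLACEHOLDER_ACTION_1', 'PLACEHOLDER_ACTION_2'] as $action) {
    add_action("wp_ajax_{$action}", function () {
        if (!current_user_can('manage_options')) {
            wp_send_json_error(['message' => 'Forbidden'], 403);
        }
    }, 0);
}
```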

Fix

Weakness Enumeration

Incorrect Authorization

Missing Authorization

Related Identifiers

CVE-2024-1677

Affected Products

Print Labels With Barcodes