CVE-2024-2086

Name of the Vulnerable Software and Affected Versions Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site plugin for WordPress versions up to, and including, 1.3.8

Description The plugin is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple AJAX endpoints. This allows authenticated attackers to modify plugin settings and gain full read/write/delete access to the associated Google Drive.

Recommendations For versions up to, and including, 1.3.8, update to a version higher than 1.3.8 to resolve the issue. As a temporary workaround, consider restricting access to the AJAX endpoints until a patch is available.