CVE-2024-2505

Name of the Vulnerable Software and Affected Versions GamiPress WordPress plugin versions prior to 6.8.9

Description The access control mechanism in the GamiPress WordPress plugin fails to properly restrict access to its settings. This allows Authors to manipulate requests and extend access to lower privileged users, such as Subscribers, despite initial settings prohibiting such access. The issue resembles broken access control, enabling unauthorized users to modify critical plugin configurations.

Recommendations For versions prior to 6.8.9, update to version 6.8.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings to minimize the risk of exploitation.