CVE-2024-3277

Name of the Vulnerable Software and Affected Versions Yumpu ePaper publishing plugin for WordPress version 2.0.24 and earlier

Description The issue allows authenticated attackers with subscriber-level access and above to upload PDF files, publish them, and modify the API key due to a missing capability check on the ajax handler function. This enables unauthorized modification of data.

Recommendations For Yumpu ePaper publishing plugin for WordPress version 2.0.24 and earlier, update to a version later than 2.0.24 to resolve the issue. As a temporary workaround, consider restricting access to the ajax handler function to prevent unauthorized data modification.