PT-2024-28362 · WordPress · Swift Framework

Francesco Carlucci · Published 2024-05-09 · Updated 2024-05-14 · CVE-2024-3915

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Swift Framework plugin for WordPress versions prior to 2.7.32
Description: The issue allows unauthorized modification of data due to a missing capability check on the sf_edit_directory_item() function. This enables unauthenticated attackers to update arbitrary posts with arbitrary content.
Recommendations: For versions prior to 2.7.32, update to version 2.7.32 or later to resolve the issue. As a temporary workaround, consider disabling the sf_edit_directory_item() function until a patch is available. Restrict access to the plugin's directory item editing functionality to minimize the risk of exploitation.

Fix

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2024-3915

Affected Products: Swift Framework