CVE-2024-1716

Name of the Vulnerable Software and Affected Versions: Admin Bar Remover plugin for WordPress versions up to, and including, 1.0.2.2

Description: The issue is related to a missing capability check on the update form() function, which allows authenticated attackers with subscriber-level access and above to modify data by enabling or disabling the admin bar on the front-end of the site. This can be exploited by a remote attacker to alter the site's configuration.

Recommendations: For versions up to, and including, 1.0.2.2, update the plugin to a version that includes a fix for the missing capability check on the update form() function. As a temporary workaround, consider disabling the update form() function until a patch is available. Restrict access to the admin bar modification feature to minimize the risk of exploitation.