PT-2024-31890 · WordPress · Breakdance

Francesco Carlucci · Published 2024-05-09 · Updated 2024-05-14 · CVE-2024-4605

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Breakdance plugin for WordPress, versions up to and including 1.7.1

Description: The issue allows Remote Code Execution via post meta data. The plugin stores its custom data in post metadata under keys without an underscore prefix, so WordPress does not treat that data as protected; lower-privileged users who can edit posts can therefore modify it and escalate their privileges or execute arbitrary code.

Recommendations: For Breakdance plugin for WordPress versions up to and including 1.7.1, update to a version higher than 1.7.1 to resolve the issue. As a temporary workaround, consider restricting access to the post meta data editing functionality to prevent lower-privileged users from exploiting this issue.
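The root cause named in the description is a WordPress convention: core only treats a meta key as protected when it begins with an underscore (is_protected_meta()), and protected keys are hidden from the Custom Fields box and denied by the edit_post_meta capability check unless a plugin explicitly allows them. The following is an added illustration written for this advisory, not Breakdance's code; the meta key names (example_builder_settings, _example_builder_settings) and the prefix "example_" are hypothetical. It contrasts the weak storage pattern with two defensive ones and adds a small check a reviewer can run against any key.

```php
<?php
/**
 * Added example (not from the Breakdance plugin). Shows why a plugin setting
 * stored under a plain (non-underscore) post meta key is writable by any user
 * who can edit the post, and how to protect it. Key names are hypothetical.
 */

// Weak pattern: plain key. is_protected_meta() returns false, so the Custom
// Fields meta box shows it and the edit_post_meta capability check passes for
// any user who can edit the post. If the plugin later trusts this value
// (e.g. renders it as markup or evaluates it), that trust is misplaced.
function example_save_settings_weak( int $post_id, array $settings ): void {
    update_post_meta( $post_id, 'example_builder_settings', wp_json_encode( $settings ) );
}

// Hardened pattern 1: underscore-prefixed key. Core marks it protected, hides
// it from the Custom Fields UI, and map_meta_cap() denies edit_post_meta for
// it unless an auth_post_meta_{key} filter explicitly allows the user.
function example_save_settings_protected( int $post_id, array $settings ): void {
    update_post_meta( $post_id, '_example_builder_settings', wp_json_encode( $settings ) );
}

// Hardened pattern 2: when an existing plain key cannot be renamed (stored
// data, integrations), mark it protected through the is_protected_meta filter
// so core treats it exactly like an underscore key.
add_filter( 'is_protected_meta', function ( bool $protected, string $meta_key, string $meta_type ): bool {
    if ( 'post' === $meta_type && 'example_builder_settings' === $meta_key ) {
        return true;
    }
    return $protected;
}, 10, 3 );

// Once protected, decide who may still write it. The filter name embeds the
// meta key; here only users with manage_options (administrators by default)
// are allowed. Adjust the capability to the plugin's own trust model.
add_filter( 'auth_post_meta_example_builder_settings', function ( bool $allowed, string $meta_key, int $post_id, int $user_id ): bool {
    return user_can( $user_id, 'manage_options' );
}, 10, 4 );

// If the key is exposed over the REST API, the same gate must be supplied as
// auth_callback; show_in_rest without it would reopen the write path.
add_action( 'init', function (): void {
    register_post_meta( 'post', 'example_builder_settings', array(
        'type'          => 'string',
        'single'        => true,
        'show_in_rest'  => true,
        'auth_callback' => function (): bool {
            return current_user_can( 'manage_options' );
        },
    ) );
} );

// Review helper: true when core will treat the key as protected (either by
// prefix or via a plugin's is_protected_meta filter). Useful when auditing a
// plugin's meta keys for the pattern described in this advisory.
function example_is_key_protected( string $meta_key ): bool {
    return is_protected_meta( $meta_key, 'post' );
}
```

With the filters above loaded, example_is_key_protected( 'example_builder_settings' ) returns true; without them it returns false, which is the condition this advisory describes. Note that protecting the key restricts who can write it, but a plugin that evaluates or renders stored meta should still validate the value on read, since the data may have been written before the fix.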

Weakness Enumeration: Code Injection

Related Identifiers: CVE-2024-4605

Affected Products: Breakdance