CVE-2024-5665

Name of the Vulnerable Software and Affected Versions Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress versions 2.7.1 through 2.7.2

Description The issue is related to unauthorized access of data due to a missing capability check on the export settings function. This allows authenticated attackers with Subscriber-level access and above to read arbitrary options on affected sites.

Recommendations For versions 2.7.1 through 2.7.2, consider disabling the export settings function until a patch is available to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.