CVE-2024-5861

Name of the Vulnerable Software and Affected Versions: WP EasyPay – Square for WordPress plugin versions up to, and including, 4.2.3

Description: The issue allows unauthorized modification of data due to a missing capability check on the wpep square disconnect() function. This makes it possible for unauthenticated attackers to disconnect Square.

Recommendations: For WP EasyPay – Square for WordPress plugin versions up to, and including, 4.2.3, update to a version higher than 4.2.3 to resolve the issue. As a temporary workaround, consider disabling the wpep square disconnect() function until a patch is available.