CVE-2024-6590

Name of the Vulnerable Software and Affected Versions The Spreadsheet Integration plugin for WordPress versions up to, and including, 3.7.9

Description The issue is related to a missing capability check on several functions, allowing authenticated attackers with Subscriber-level access and above to modify data. This includes editing post status, editing Google sheet integrations, and creating Google sheet integrations.

Recommendations For versions up to, and including, 3.7.9, update to a version higher than 3.7.9 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable functions to minimize the risk of exploitation.