PT-2024-37850 · WordPress · Social Auto Poster
István Márton
·
Published
2024-07-24
·
Updated
2024-09-03
·
CVE-2024-6754
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Social Auto Poster plugin for WordPress versions up to, and including, 5.3.14
Description
The issue arises from a missing capability check on the
wpw auto poster update tweet template function, allowing authenticated attackers with Subscriber-level access and above to update arbitrary post metadata.Recommendations
For Social Auto Poster plugin for WordPress versions up to, and including, 5.3.14, update to a version higher than 5.3.14 to resolve the issue.
As a temporary workaround, consider restricting access to the
wpw auto poster update tweet template function until a patch is available.Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Social Auto Poster