PT-2024-39479 · WordPress · Wordpress Video Robot
Tonn · Published 2024-11-15 · Updated 2024-11-21 · CVE-2024-9192
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: WordPress Video Robot - The Ultimate Video Importer plugin for WordPress, versions up to and including 1.20.0.
Description: The plugin does not sufficiently validate which user metadata may be updated through the wpvr_rate_request_result() function. Authenticated attackers with subscriber-level access and above can therefore update their own user metadata on a WordPress site, potentially escalating their privileges to those of an administrator.
Recommendations: For WordPress Video Robot - The Ultimate Video Importer plugin for WordPress versions up to and including 1.20.0, update to a version higher than 1.20.0 to resolve the issue. As a temporary workaround, consider disabling the wpvr_rate_request_result() function until a patch is available, and restrict access to the plugin's functionality to minimize the risk of exploitation.
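The bug class described above is a request parameter choosing which user-meta key gets written. The following is an added illustration of the hardened pattern a plugin developer would apply; it is not code from WordPress Video Robot, and the function and meta-key names (example_save_rating, example_rating_allowed_keys, example_last_rating) are assumptions made for the example.

```php
<?php
// Hypothetical AJAX handler that saves a "rating" as user meta.
// Anti-pattern (do NOT ship): key and value are taken straight from the request,
// so the caller decides which meta key of their own account is overwritten:
//   update_user_meta( get_current_user_id(), $_POST['meta_key'], $_POST['meta_value'] );

/**
 * Meta keys this feature may write, each bound to its sanitizer.
 * Any key outside this allowlist, including the keys WordPress uses to store
 * a user's roles and capabilities, is refused regardless of the request.
 * (Names in this list are constructed for the example.)
 */
function example_rating_allowed_keys() {
    return array(
        'example_last_rating'    => 'absint',
        'example_rating_comment' => 'sanitize_text_field',
    );
}

function example_save_rating() {
    // 1. CSRF protection: the request must carry a nonce issued for this action.
    check_ajax_referer( 'example_save_rating', 'nonce' );

    // 2. Authorization: logged-in users with the 'read' capability (subscriber
    //    and above) may rate, and only their own account is ever touched.
    if ( ! is_user_logged_in() || ! current_user_can( 'read' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $key     = isset( $_POST['meta_key'] ) ? sanitize_key( wp_unslash( $_POST['meta_key'] ) ) : '';
    $allowed = example_rating_allowed_keys();

    // 3. Validation: the key must be on the allowlist. Checking only
    //    is_protected_meta() is not enough, since that covers just "_"-prefixed keys.
    if ( ! array_key_exists( $key, $allowed ) ) {
        wp_send_json_error( 'meta key not permitted', 400 );
    }

    // 4. Sanitize the value with the sanitizer bound to that specific key.
    $raw   = isset( $_POST['meta_value'] ) ? wp_unslash( $_POST['meta_value'] ) : '';
    $value = call_user_func( $allowed[ $key ], $raw );

    update_user_meta( get_current_user_id(), $key, $value );
    wp_send_json_success( array( 'key' => $key, 'value' => $value ) );
}
add_action( 'wp_ajax_example_save_rating', 'example_save_rating' );
```

Because the allowlist is fixed in code, no request can steer the write toward a meta key the feature was never meant to touch; that is the control whose absence makes a subscriber-level user able to change what WordPress trusts about their own account.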

Fix

Weakness Enumeration: Improper Privilege Management
Related Identifiers: CVE-2024-9192
Affected Products: Wordpress Video Robot