PT-2024-39596 · WordPress · Sendgrid For Wordpress
Nir Kum +2 · Published 2024-10-17 · Updated 2024-10-22 · CVE-2024-9364
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
SendGrid for WordPress plugin versions up to, and including, 1.4
Description
The issue is related to a missing capability check on the wp_mailplus_clear_logs function, which allows authenticated attackers with Subscriber-level access and above to delete the plugin's log files, resulting in unauthorized loss of data.
Recommendations
For SendGrid for WordPress plugin versions up to, and including, 1.4, consider disabling the wp_mailplus_clear_logs function until a patch is available to prevent unauthorized deletion of log files.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Sendgrid For Wordpress
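
The missing capability check named in the description, shown as a general WordPress pattern next to its corrected form. This is an added illustration, not the plugin's source code. It assumes the log-clearing function is exposed as a wp_ajax_ handler (the advisory does not say how it is reached), and the names example_clear_logs_*, EXAMPLE_LOG_DIR, the nonce action and the choice of the manage_options capability are all hypothetical.

```php
<?php
// Added illustration with hypothetical names; not the SendGrid for WordPress source.
define( 'EXAMPLE_LOG_DIR', WP_CONTENT_DIR . '/uploads/example-mail-logs' );

// Shared helper: remove every *.log file in the log directory, return the count.
function example_delete_logs() {
    $deleted = 0;
    // glob() returns false on error; fall back to an empty list.
    foreach ( glob( EXAMPLE_LOG_DIR . '/*.log' ) ?: array() as $file ) {
        wp_delete_file( $file );
        $deleted++;
    }
    return $deleted;
}

// BEFORE (vulnerable pattern): wp_ajax_* hooks fire for every logged-in
// user, Subscribers included, and nothing here checks the caller's role.
function example_clear_logs_unchecked() {
    wp_send_json_success( array( 'deleted' => example_delete_logs() ) );
}
add_action( 'wp_ajax_example_clear_logs_unchecked', 'example_clear_logs_unchecked' );

// AFTER (corrected pattern): verify the request nonce, then the capability,
// before any file is touched.
function example_clear_logs_checked() {
    // Stops with a 403 response if the 'nonce' field is missing or invalid.
    check_ajax_referer( 'example_clear_logs', 'nonce' );

    // Assumption: only administrators should be able to clear mail logs.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    wp_send_json_success( array( 'deleted' => example_delete_logs() ) );
}
add_action( 'wp_ajax_example_clear_logs_checked', 'example_clear_logs_checked' );
```

The nonce check alone is not an authorization control, since any logged-in user who can load a page that embeds the nonce can obtain it; the current_user_can() call is what closes the Subscriber-level path.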