CVE-2024-9503

Name of the Vulnerable Software and Affected Versions Maintenance & Coming Soon Redirect Animation plugin for WordPress versions up to, and including, 2.1.3

Description The issue is related to unauthorized modification of data due to a missing capability check on the wploti add whitelisted roles option, wploti remove whitelisted roles option, wploti add whitelisted users option, wploti remove whitelisted users option, and wploti uploaded animation save option functions. This allows authenticated attackers with Subscriber-level access and above to modify certain plugin settings.

Recommendations For Maintenance & Coming Soon Redirect Animation plugin for WordPress versions up to, and including, 2.1.3: Update to a version higher than 2.1.3 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable functions until a patch is available. Restrict access to the plugin settings to minimize the risk of exploitation.