CVE-2024-13816

Name of the Vulnerable Software and Affected Versions The Aiomatic - Automatic AI Content Writer & Editor plugin for WordPress versions prior to 2.3.7

Description The issue allows authenticated attackers with Subscriber-level access and above to perform unauthorized actions, including updating and deleting posts, listing and deleting batches, listing assistant uploaded files, deleting personas, deleting forms, deleting templates, and clearing logs, due to missing capability checks on multiple functions.

Recommendations For versions prior to 2.3.7, update to version 2.3.7 or later to resolve the issue. As a temporary workaround, consider restricting Subscriber-level access and above to minimize the risk of exploitation.