CVE-2024-11851

Name of the Vulnerable Software and Affected Versions NitroPack plugin for WordPress versions up to, and including, 1.17.0

Description The issue arises from a missing capability check in the nitropack rml notification function, allowing authenticated attackers with subscriber access or higher to update arbitrary transients. These transients can only be updated to integers, not arbitrary values.

Recommendations For versions up to, and including, 1.17.0, update to a version higher than 1.17.0 to resolve the issue. As a temporary workaround, consider restricting access to the nitropack rml notification function until a patch is available.