CVE-2024-12158

Name of the Vulnerable Software and Affected Versions Popup – MailChimp, GetResponse and ActiveCampaign Integrations plugin for WordPress versions up to 3.2.6

Description The issue is related to a missing capability check on the 'upc delete db data' AJAX action, which allows unauthenticated attackers to delete the plugin's database data. This can lead to unauthorized loss of data.

Recommendations For versions up to 3.2.6, update to a version higher than 3.2.6 to resolve the issue. As a temporary workaround, consider disabling the upc delete db data AJAX action until a patch is available.