PT-2025-1892 · WordPress · Linkid Plugin

Francesco Carlucci · Published 2025-01-09 · Updated 2025-01-09 · CVE-2024-12542

CVSS v3.1: 8.6 High

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions
linkID plugin for WordPress versions up to, and including, 0.1.2

Description
The issue arises from a missing capability check when including the 'phpinfo' function, allowing unauthorized access to data. This enables unauthenticated attackers to read configuration settings and predefined variables on the site's server. The plugin does not need to be activated for the issue to be exploited.

Recommendations
For versions up to, and including, 0.1.2, update to a version that includes a capability check for the 'phpinfo' function to prevent unauthorized data access. As a temporary workaround, consider disabling the 'phpinfo' function in the linkID plugin until a patched version is available.
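
A static check for the pattern described above, as an added example (not code from this advisory or from the plugin): it flags PHP files that call phpinfo() with no preceding ABSPATH direct-access guard or current_user_can() check. The regexes, finding labels and sample sources are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Heuristic patterns; assumptions of this example, not taken from the plugin's source.
PHPINFO_CALL = re.compile(r"\bphpinfo\s*\(", re.I)
ABSPATH_GUARD = re.compile(r"defined\s*\(\s*['\"]ABSPATH['\"]\s*\)")
CAP_CHECK = re.compile(r"\bcurrent_user_can\s*\(")
# Crude comment stripper: also eats '//' or '#' inside string literals.
COMMENTS = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*", re.S)

def audit_php_source(source):
    """Return None if phpinfo() is never called, else a list of missing guards."""
    code = COMMENTS.sub("", source)
    call = PHPINFO_CALL.search(code)
    if call is None:
        return None
    before = code[:call.start()]  # only guards that appear before the call count
    findings = []
    if not ABSPATH_GUARD.search(before):
        # File runs when requested by URL, even if the plugin is inactive.
        findings.append("direct-access-not-blocked")
    if not CAP_CHECK.search(before):
        findings.append("no-capability-check")
    return findings

def audit_plugin_dir(root):
    """Map relative path -> findings for every .php file under root with findings."""
    results = {}
    for path in sorted(Path(root).rglob("*.php")):
        findings = audit_php_source(path.read_text(errors="replace"))
        if findings:
            results[path.relative_to(root).as_posix()] = findings
    return results

# Constructed samples (not the plugin's real files).
VULNERABLE = "<?php\n// debug page\nphpinfo();\n"
HARDENED = (
    "<?php\n"
    "if ( ! defined( 'ABSPATH' ) ) { exit; }\n"
    "if ( ! current_user_can( 'manage_options' ) ) { wp_die( 'Forbidden' ); }\n"
    "phpinfo();\n"
)

if __name__ == "__main__":
    for name, src in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(name, audit_php_source(src))
```

An empty result is not proof of safety: the check only looks for a guard textually before the call, so a guard inside an unrelated function still counts.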

Fix

Weakness Enumeration
Missing Authorization

Related Identifiers
CVE-2024-12542

Affected Products
Linkid Plugin