PT-2025-1895 · WordPress · Clickdesigns

Ryan Zegar · Published 2025-01-07 · Updated 2025-01-07 · CVE-2024-12559

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

ClickDesigns plugin for WordPress versions up to, and including, 1.8.0

Description

The issue allows unauthorized modification of data due to a missing capability check on the clickdesigns_add_api and clickdesigns_remove_api functions. This makes it possible for unauthenticated attackers to modify or remove the plugin's API key.

Recommendations

For versions up to, and including, 1.8.0, update to a version that includes a fix for the missing capability check in the clickdesigns_add_api and clickdesigns_remove_api functions. As a temporary workaround, consider disabling the clickdesigns_add_api and clickdesigns_remove_api functions until a patch is available. Restrict access to the API key to minimize the risk of exploitation.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2024-12559

Affected Products

Clickdesigns