PT-2025-1899 · Microsoft · Dynamics 365 Integration Plugin For Wordpress

Peter Thaleikis · Published 2025-01-04 · Updated 2025-01-04 · CVE-2024-12583

CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Dynamics 365 Integration plugin for WordPress, version 1.3.23 and earlier.

Description: The plugin is vulnerable to Remote Code Execution and Arbitrary File Read because its render function performs no input validation or sanitization. This allows authenticated attackers with Contributor-level access and above to execute code on the server via Twig Server-Side Template Injection.

Recommendations: For versions up to and including 1.3.23, update to a version later than 1.3.23 to resolve the issue. As a temporary workaround, consider restricting access to the render function until a patch is available, and restrict Contributor-level access and above to minimize the risk of exploitation.
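As an added illustration of the weakness class (this is example code, not the plugin's code and not from the advisory author), the following PHP shows the pattern that produces Twig Server-Side Template Injection beside the hardened form: untrusted input must reach Twig only as template data, never as template source, and any code path that compiles user-supplied templates should sit behind a high-privilege capability check and a Twig sandbox policy. The function names, the use of the `twig/twig` 3.x API, and the WordPress `current_user_can()` gate are assumptions; the plugin's actual render function is not shown on this page.

```php
<?php
// Added example, not the plugin's code. Assumes twig/twig 3.x installed via
// Composer and, for the capability check, a WordPress runtime (current_user_can()).
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Loader\ArrayLoader;
use Twig\Extension\SandboxExtension;
use Twig\Sandbox\SecurityPolicy;
use Twig\Sandbox\SecurityError;

/**
 * Anti-pattern (hypothetical): the untrusted string is compiled as template
 * SOURCE, so any Twig syntax it contains is evaluated by the full Twig runtime.
 * This is the shape of the weakness the advisory describes.
 */
function render_untrusted_as_source(Environment $twig, string $untrusted): string
{
    return $twig->createTemplate($untrusted)->render([]);
}

/**
 * Hardened form: the template is a fixed string authored by the plugin, and the
 * untrusted value enters only as DATA. With Twig's default autoescaping ('html')
 * the value is also HTML-escaped on output.
 */
function render_untrusted_as_data(Environment $twig, string $untrusted): string
{
    $template = $twig->createTemplate('<div class="d365-field">{{ value }}</div>');
    return $template->render(['value' => $untrusted]);
}

/**
 * If a feature genuinely needs user-authored templates, confine them: allow
 * only a small set of tags, filters and functions, no method or property
 * access, and sandbox every template rendered by this Environment.
 */
function build_sandboxed_twig(): Environment
{
    $twig = new Environment(new ArrayLoader([]), ['autoescape' => 'html']);

    $policy = new SecurityPolicy(
        ['if', 'for'],        // allowed tags
        ['escape', 'upper'],  // allowed filters
        [],                   // allowed methods: none
        [],                   // allowed properties: none
        ['range']             // allowed functions
    );
    // Second argument true = sandbox applies to all templates, not only {% sandbox %} blocks.
    $twig->addExtension(new SandboxExtension($policy, true));
    return $twig;
}

/**
 * Hypothetical privileged entry point: anyone below administrator (including
 * Contributors) is refused before any compilation happens, and a policy
 * violation surfaces as a SecurityError instead of executing.
 */
function render_admin_authored_template(string $templateSource, array $vars): string
{
    if (!function_exists('current_user_can') || !current_user_can('manage_options')) {
        return ''; // not an administrator: refuse to compile anything
    }
    try {
        return build_sandboxed_twig()->createTemplate($templateSource)->render($vars);
    } catch (SecurityError $e) {
        error_log('Twig sandbox rejected a template: ' . $e->getMessage());
        return '';
    }
}
```

The design point is the split between the two `render_untrusted_*` functions: the fix for SSTI is not a filter on the input string but a change of role, so that Contributor-supplied content is only ever a value interpolated into a plugin-owned template. The sandboxed variant exists for the rare case where template authoring by users is a product requirement, and even then it is gated on `manage_options`, which matches the advisory's recommendation to keep this capability away from Contributor-level accounts.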

Fix

Weakness Enumeration

Related Identifiers: CVE-2024-12583

Affected Products: Dynamics 365 Integration Plugin For Wordpress