CVE-2024-12614

Name of the Vulnerable Software and Affected Versions Passwords Manager plugin for WordPress versions up to, and including, 1.4.8

Description The issue is related to a missing capability check on the pms save setting and post new pass AJAX actions. This allows authenticated attackers with Subscriber-level access and above to update the plugin's settings and add passwords.

Recommendations For versions up to, and including, 1.4.8, consider disabling the pms save setting and post new pass AJAX actions until a patch is available to prevent unauthorized modification of data. Restrict access to the plugin's settings to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.