CVE-2024-13639

Name of the Vulnerable Software and Affected Versions Read More & Accordion plugin for WordPress versions up to, and including, 3.4.2

Description The issue is related to a missing capability check on the expmDeleteData() function, which allows authenticated attackers with Subscriber-level access and above to delete arbitrary 'read more' posts, resulting in unauthorized modification and loss of data.

Recommendations For versions up to, and including, 3.4.2, consider disabling the expmDeleteData() function until a patch is available to prevent unauthorized data deletion. Restrict access to the plugin's functionality to minimize the risk of exploitation, ensuring only authorized users can modify or delete 'read more' posts.