The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_payment' function in all versions up to, and including, 16.26.6. This makes it possible for unauthenticated attackers to delete arbitrary payments.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-06-06T03:53:09.201Z
Updated: 2024-08-01T18:33:24.184Z
Reserved: 2024-02-01T20:18:24.031Z
Link: CVE-2024-1175
Vulnrichment
Updated: 2024-08-01T18:33:24.184Z
NVD
Status : Modified
Published: 2024-06-06T04:15:11.230
Modified: 2024-11-21T08:49:58.000
Link: CVE-2024-1175
Redhat
No data.