The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_payment' function in all versions up to, and including, 16.26.6. This makes it possible for unauthenticated attackers to delete arbitrary payments.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-06-06T03:53:09.201Z

Updated: 2024-08-01T18:33:24.184Z

Reserved: 2024-02-01T20:18:24.031Z

Link: CVE-2024-1175

cve-icon Vulnrichment

Updated: 2024-08-01T18:33:24.184Z

cve-icon NVD

Status : Modified

Published: 2024-06-06T04:15:11.230

Modified: 2024-11-21T08:49:58.000

Link: CVE-2024-1175

cve-icon Redhat

No data.