CVE-2024-12071

The Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_network_post() function in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to delete arbitrary posts and pages.
Configurations

Configuration 1 (hide)

cpe:2.3:a:evergreencontentposter:evergreen_content_poster:*:*:*:*:*:wordpress:*:*

History

25 Feb 2025, 22:17

Type Values Removed Values Added
Summary
  • (es) El complemento Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media para WordPress es vulnerable a la pérdida no autorizada de datos debido a una verificación de capacidad faltante en la función delete_network_post() en todas las versiones hasta la 1.4.4 y incluida. Esto permite que atacantes no autenticados eliminen publicaciones y páginas arbitrarias.
References () https://plugins.trac.wordpress.org/browser/evergreen-content-poster/trunk/admin/class-evergreen_content_poster-admin.php#L333 - () https://plugins.trac.wordpress.org/browser/evergreen-content-poster/trunk/admin/class-evergreen_content_poster-admin.php#L333 - Product
References () https://plugins.trac.wordpress.org/browser/evergreen-content-poster/trunk/includes/class-evergreen_content_poster.php#L345 - () https://plugins.trac.wordpress.org/browser/evergreen-content-poster/trunk/includes/class-evergreen_content_poster.php#L345 - Product
References () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3224190%40evergreen-content-poster&new=3224190%40evergreen-content-poster&sfp_email=&sfph_mail= - () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3224190%40evergreen-content-poster&new=3224190%40evergreen-content-poster&sfp_email=&sfph_mail= - Patch
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/aa07f48f-370f-4985-a6fc-a94ed5c59ed4?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/aa07f48f-370f-4985-a6fc-a94ed5c59ed4?source=cve - Third Party Advisory
CPE cpe:2.3:a:evergreencontentposter:evergreen_content_poster:*:*:*:*:*:wordpress:*:*
First Time Evergreencontentposter
Evergreencontentposter evergreen Content Poster

18 Jan 2025, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-01-18 04:15

Updated : 2025-02-25 22:17


NVD link : CVE-2024-12071

Mitre link : CVE-2024-12071

CVE.ORG link : CVE-2024-12071


JSON object : View

Products Affected

evergreencontentposter

  • evergreen_content_poster
CWE
CWE-862

Missing Authorization