CVE-2024-3627

The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the AjaxFunctions.php file in all versions up to, and including, 1.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts and modify settings.

Configurations

Configuration 1

cpe:2.3:a:kraftplugins:wheel_of_life:*:*:*:*:*:wordpress:*:*

History

15 Jul 2024, 17:12

| Type | Values Removed | Values Added |
| --- | --- | --- |
| CWE | | CWE-862 |
| References | () https://plugins.trac.wordpress.org/browser/wheel-of-life/trunk/includes/functions/AjaxFunctions.php - | () https://plugins.trac.wordpress.org/browser/wheel-of-life/trunk/includes/functions/AjaxFunctions.php - Product |
| References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/0615d1be-f9fa-45b3-9d5b-3ad1f36be8e1?source=cve - | () https://www.wordfence.com/threat-intel/vulnerabilities/id/0615d1be-f9fa-45b3-9d5b-3ad1f36be8e1?source=cve - Third Party Advisory |
| CPE | | cpe:2.3:a:kraftplugins:wheel_of_life:*:*:*:*:*:wordpress:*:* |
| First Time | | Kraftplugins; Kraftplugins wheel Of Life |

20 Jun 2024, 12:43

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Summary | | (es) The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the AjaxFunctions.php file in all versions up to, and including, 1.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts and modify settings. |

20 Jun 2024, 02:15

| Type | Values Removed | Values Added |
| --- | --- | --- |
| New CVE | | |

Information

Published : 2024-06-20 02:15

Updated : 2024-07-15 17:12


NVD link : CVE-2024-3627

Mitre link : CVE-2024-3627

CVE.ORG link : CVE-2024-3627


Products Affected

kraftplugins

  • wheel_of_life

CWE

CWE-862: Missing Authorization