The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the AjaxFunctions.php file in all versions up to, and including, 1.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts and modify settings.
History
15 Jul 2024, 17:12
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-862 | |
References | () https://plugins.trac.wordpress.org/browser/wheel-of-life/trunk/includes/functions/AjaxFunctions.php - Product | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/0615d1be-f9fa-45b3-9d5b-3ad1f36be8e1?source=cve - Third Party Advisory | |
CPE | cpe:2.3:a:kraftplugins:wheel_of_life:*:*:*:*:*:wordpress:*:* | |
First Time | Kraftplugins; Kraftplugins wheel Of Life | |
20 Jun 2024, 12:43
Type | Values Removed | Values Added |
---|---|---|
Summary | | |
20 Jun 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-20 02:15
Updated : 2024-07-15 17:12
NVD link : CVE-2024-3627
Mitre link : CVE-2024-3627
CVE.ORG link : CVE-2024-3627
Products Affected
kraftplugins
- wheel_of_life
CWE
CWE-862
Missing Authorization