CVE-2024-10520

CVSS V2 None CVSS V3 None
Description
The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'check' method of the 'Create_Milestone', 'Create_Task_List', 'Create_Task', and 'Delete_Task' classes in version 2.6.14. This makes it possible for unauthenticated attackers to create milestones, create task lists, create tasks, or delete tasks in any project. NOTE: Version 2.6.14 implemented a partial fix for this vulnerability.
Overview
  • CVE ID
  • CVE-2024-10520
  • Assigner
  • Wordfence
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-11-20T11:33:10.861Z
  • Last Modified Date
  • 2024-11-20T15:14:12.419Z
History
Created Old Value New Value Data Type Notes
2024-11-21 13:13:11 Added to TrackCVE