2024-11-26
The My Contador lesr plugin for WordPress has a vulnerability (CVE-2024-11334) that allows attackers to export user data without authorization. This is due to a missing capability check in the plugin’s `exportar_registros()` function, affecting all versions up to and including 2.0.
Vulnerability Details:
Platform: WordPress
Version: My Contador lesr plugin <= 2.0
Vulnerability: Unauthenticated Stored Cross-Site Scripting (XSS)
Severity: Medium (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
Date: November 21, 2024 (published by NIST)
What Undercode Says:
This vulnerability can be exploited by attackers to steal user data from your WordPress site. It’s crucial to update the My Contador lesr plugin to a patched version as soon as possible. If an update is unavailable, consider deactivating the plugin until a fix is released.
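For plugin developers, the general shape of an export handler that performs the capability check the advisory says `exportar_registros()` lacks. This is an added example, not the plugin's own code: the hook name, nonce action, `manage_options` capability and exported columns are assumptions chosen for illustration.

```php
<?php
// Illustrative only: the hook name, nonce action, capability and exported
// columns are assumptions, not taken from the My Contador lesr source.

// admin_post_{action} fires for any logged-in user, whatever their role,
// so registering the hook is not an authorization check by itself.
add_action( 'admin_post_example_exportar_registros', 'example_exportar_registros' );

function example_exportar_registros() {
    // 1. Authorization: the capability check whose absence is the flaw
    //    described above. Without it, any account that can reach the hook
    //    can download the export.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die(
            esc_html__( 'You are not allowed to export records.', 'example' ),
            '',
            array( 'response' => 403 )
        );
    }

    // 2. Intent: nonce check so the export cannot be triggered cross-site.
    //    The export link or form must carry a nonce created with
    //    wp_nonce_url() / wp_nonce_field() for the same action string.
    check_admin_referer( 'example_exportar_registros' );

    // 3. Only after both checks pass: read the data and stream it as CSV.
    $columns = array( 'ID', 'user_login', 'user_email' );
    $users   = get_users( array( 'fields' => $columns ) );

    nocache_headers();
    header( 'Content-Type: text/csv; charset=utf-8' );
    header( 'Content-Disposition: attachment; filename="registros.csv"' );

    $out = fopen( 'php://output', 'w' );
    fputcsv( $out, $columns, ',', '"', '\\' );
    foreach ( $users as $user ) {
        fputcsv( $out, array( $user->ID, $user->user_login, $user->user_email ), ',', '"', '\\' );
    }
    fclose( $out );
    exit;
}
```

The same ordering applies to handlers registered on `wp_ajax_*` or `admin_init`: check the capability first, verify the nonce second, and touch user data only after both succeed.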
References:
Reported By: Nvd.nist.gov