CVE-2024-12542

HIGH Year: 2024
CVSS v3 Score
8.6
High
Weakness Type
CWE-862
View all →

Vulnerability Description

The linkID plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 0.1.2. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site's server. The plugin does not need to be activated for the vulnerability to be exploited.

Related Vulnerabilities

CVE-2020-23793

HIGH
CVSS:8.6(High)

An issue was discovered in spice-server spice-server-0.14.0-6.el7_6.1.x86_64 of Redhat's VDI product. There is a security vulnerablility that can restart KVMvirtual machine without any authorization. ...

CWE-8622020

CVE-2023-47698

HIGH
CVSS:8.6(High)

Missing Authorization vulnerability in Artisan Workshop Japanized For WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Japanized For WooCommerce: ...

CWE-8622023

CVE-2024-12535

HIGH
CVSS:8.6(High)

The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4....

CWE-8622024

CVE-2024-24703

HIGH
CVSS:8.6(High)

Missing Authorization vulnerability in MultiVendorX WC Marketplace.This issue affects WC Marketplace: from n/a through 4.0.25.

CWE-8622024

CVE-2024-25911

HIGH
CVSS:8.6(High)

Missing Authorization vulnerability in Skymoon Labs MoveTo.This issue affects MoveTo: from n/a through 6.2.

CWE-8622024

CVE-2024-34378

HIGH
CVSS:8.6(High)

Missing Authorization vulnerability in LeadConnector.This issue affects LeadConnector: from n/a through 1.7.

CWE-8622024