CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-1649

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxDeleteCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete categories.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 28.8%

CVSS Severity

CVSS v3 Score 4.3

References

https://plugins.trac.wordpress.org/changeset/3034410/categorify
https://www.wordfence.com/threat-intel/vulnerabilities/id/c63ddc62-a4f1-4da4-a65e-4573369d6c30?source=cve
https://plugins.trac.wordpress.org/changeset/3034410/categorify
https://www.wordfence.com/threat-intel/vulnerabilities/id/c63ddc62-a4f1-4da4-a65e-4573369d6c30?source=cve

Products affected by CVE-2024-1649

Frenify » Categorify » Version: N/A

cpe:2.3:a:frenify:categorify:-
Frenify » Categorify » Version: 1.0.0

cpe:2.3:a:frenify:categorify:1.0.0
Frenify » Categorify » Version: 1.0.4

cpe:2.3:a:frenify:categorify:1.0.4
Frenify » Categorify » Version: 1.0.5

cpe:2.3:a:frenify:categorify:1.0.5
Frenify » Categorify » Version: 1.0.7

cpe:2.3:a:frenify:categorify:1.0.7
Frenify » Categorify » Version: 1.0.7.4

cpe:2.3:a:frenify:categorify:1.0.7.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-1649

Products

Pricing

Contact Us