Edmonsoft: >> Read More & Accordion Security Vulnerabilities
The Read More & Accordion plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the expmDeleteData() function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary 'read more' posts.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-02-13
The Read More & Accordion WordPress plugin before 3.2.7 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.
CVSS Score
7.2
EPSS Score
0.005
Published
2023-10-16