CVE-2024-8667 - "HurryTimer for WordPress & WooCommerce Unauthorized Post Publication Vulnerability"

1 month ago 14
ARTICLE AD BOX
CVE ID : CVE-2024-8667
Published : Oct. 24, 2024, 8:15 a.m. | 25 minutes ago
Description : The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized post publication due to a missing capability check on the activateCampaign() function in all versions up to, and including, 2.10.0. This makes it possible for authenticated attackers, with contributor-level access and above, to publish arbitrary posts like ones they have submitted for review, or a site administrator has in draft.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Read Entire Article