CVE-2024-1710

The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions including uploading arbitrary files.
Configurations

Configuration 1 (hide)

cpe:2.3:a:unlimited-elements:addon_library:*:*:*:*:*:wordpress:*:*

History

27 Feb 2025, 22:03

Type Values Removed Values Added
CPE cpe:2.3:a:unlimited-elements:addon_library:*:*:*:*:*:wordpress:*:*
CWE CWE-862
First Time Unlimited-elements
Unlimited-elements addon Library
References () https://plugins.trac.wordpress.org/browser/addon-library/trunk/inc_php/unitecreator_actions.class.php#L39 - () https://plugins.trac.wordpress.org/browser/addon-library/trunk/inc_php/unitecreator_actions.class.php#L39 - Product
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/15cf34d8-256b-495e-9385-a5d526bfb335?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/15cf34d8-256b-495e-9385-a5d526bfb335?source=cve - Third Party Advisory

21 Nov 2024, 08:51

Type Values Removed Values Added
References () https://plugins.trac.wordpress.org/browser/addon-library/trunk/inc_php/unitecreator_actions.class.php#L39 - () https://plugins.trac.wordpress.org/browser/addon-library/trunk/inc_php/unitecreator_actions.class.php#L39 -
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/15cf34d8-256b-495e-9385-a5d526bfb335?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/15cf34d8-256b-495e-9385-a5d526bfb335?source=cve -

26 Feb 2024, 16:32

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-26 16:27

Updated : 2025-02-27 22:03


NVD link : CVE-2024-1710

Mitre link : CVE-2024-1710

CVE.ORG link : CVE-2024-1710


JSON object : View

Products Affected

unlimited-elements

  • addon_library
CWE
CWE-862

Missing Authorization