CVE-2024-9587

low-risk

Published 2024-10-11

The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_linkz' function in versions up to, and including, 1.1.8. This makes it possible for authenticated attackers with contributor-level privileges or above, to update plugin settings.

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.4/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Linkz.Ai

Affected Vendors

Linkz.Ai

References (3)

Product https://plugins.trac.wordpress.org/browser/linkz-ai/tags/1.1.8/init.php#L252

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old...

Third Party Advisory https://www.wordfence.com/threat-intel/vulnerabilities/id/b1faa178-e4b1-4d2e-85f...

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal