CVE-2024-1733

MEDIUM

Word Replacer Pro <= 1.0 - Unauthenticated Arbitrary Content Modification via word_replacer_ultra() Function

Description

The Word Replacer Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the word_replacer_ultra() function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update arbitrary content on the affected WordPress site.

Scores

CVSS v3: 5.3
EPSS: 0.0044
EPSS Percentile: 35.4%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-862
Status: published
Products (2):
  charlestsmith/Word Replacer Pro < 1.0
  charlestsmith/word_replacer_pro 1.0
Published: Mar 16, 2024
Tracked Since: Feb 18, 2026