WordPress Plugin Vulnerabilities

Whizzy <= 1.1.18 - Missing Authorization

Description

The Whizzy plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.1.18. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
whizzy
No known fix

References

CVE
CVE-2024-30544
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/8278f5bf-2f40-4f3d-b38d-0ecea9d47f83

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Steven Julian
Verified
No
WPVDB ID
2d9acdd3-4bf7-4de4-863c-a305c3cfb13b

Timeline

Publicly Published
2024-03-29 (about 2 years ago)
Added
2024-04-03 (about 2 years ago)
Last Updated
2024-04-03 (about 2 years ago)

Other

Published
Title
Published
2026-02-17
Title
YayMail < 4.3.3 - Missing Authorization to Authenticated (Shop Manager+) Plugin Installation and Activation
Published
2024-05-03
Title
Login with phone number < 1.7.20 - Missing Authorization
Published
2024-07-23
Title
Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells < 3.4.7 - Missing Authorization to Authenticated (Contributor+) Settings Update
Published
2024-08-09
Title
Meta Box – WordPress Custom Fields Framework < 5.9.11 - Missing Authorization to Information Exposure
Published
2025-12-25
Title
Simple File List <= 6.1.16 - Missing Authorization