WordPress Plugin Vulnerabilities

Breeze < 2.1.15 - Missing Authorization

Description

The Breeze plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_to_default() function in versions up to, and including, 2.1.14. This makes it possible for unauthenticated attackers to reset to default settings.

Affects Plugins

Plugin icon
breeze
Fixed in 2.1.15

References

CVE
CVE-2024-50422
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/f4b75e39-48fe-4781-be0f-9cf806d953ea

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
822a263e-40c8-4fbe-815c-657a243c491b

Timeline

Publicly Published
2024-10-24 (about 1 year ago)
Added
2024-10-31 (about 1 year ago)
Last Updated
2024-10-31 (about 1 year ago)

Other

Published
Title
Published
2026-04-21
Title
CalJ <= 1.5 - Authenticated (Subscriber+) Arbitrary Settings Modification via 'save-obtained-key' Action
Published
2025-12-22
Title
Addonify < 2.0.5 - Missing Authorization
Published
2025-02-03
Title
Awesome Event Booking < 2.7.5 - Missing Authorization
Published
2024-11-01
Title
Otter - Gutenberg Block < 3.0.4 - Missing Authorization
Published
2026-01-12
Title
xSmart <= 1.2.9.4 - Missing Authorization