Quicksand Post Filter jQuery Plugin <= 3.1.1 – Missing Authorization via quicksand_admin_ajax | CVE 2024-24850

Affects Plugins

quicksand-jquery-post-filter

No known fix

References

CVE

CVE-2024-24850

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/c6f3b765-396f-422f-864d-a48bee8c69cb

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CWE-862

CVSS

9.1 (critical)

Miscellaneous

Original Researcher

Mika

Verified

No

WPVDB ID

87ef49d6-d54c-425c-96cc-d63772083ddd

Timeline

Publicly Published

2024-02-02 (about 2 years ago)

Added

2024-02-05 (about 2 years ago)

Last Updated

2024-02-05 (about 2 years ago)

Other

Published

Title

Published

2025-01-24

Title

Boom Fest < 2.2.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update

Published

2026-03-23

Title

LearnPress < 4.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Answer Deletion

Published

2026-02-18

Title

NM Gift Registry and Wishlist Lite < 5.14 - Missing Authorization

Published

2025-10-16

Title

HomeLancer < 1.0.2 - Missing Authorization

Published

2021-12-08

Title

WP Google Map < 1.8.1 - Subscriber+ Map Creation/Update/Deletion