Clone < 2.4.4 – Subscriber+ Unauthorised Action Calls | CVE 2024-31435

Affects Plugins

Fixed in 2.4.4

References

CVE

CVE-2024-31435

URL

https://patchstack.com/database/vulnerability/wp-clone-by-wp-academy/wordpress-clone-plugin-2-4-3-broken-access-control-vulnerability

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CWE-862

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

Dhabaleshwar Das

Verified

No

WPVDB ID

9dfa0154-29a5-4f99-846b-8dedd95fe35f

Timeline

Publicly Published

2024-04-10 (about 2 years ago)

Added

2024-04-17 (about 2 years ago)

Last Updated

2024-04-17 (about 2 years ago)

Other

Published

Title

Published

2023-12-08

Title

Manage Notification E-mails < 1.8.6 - Missing Authorization

Published

2025-12-04

Title

WPForms Google Sheet Connector < 4.0.1 - Missing Authorization

Published

2024-04-09

Title

Soledad < 8.4.6 - Missing Authorization

Published

2025-10-03

Title

Cost Calculator Builder < 3.5.33 - Authenticated (Subscriber+) Missing Authorization via get_cc_orders/update_order_status Functions

Published

2024-12-18

Title

WP SuperBackup < 2.4 - Missing Authorization to Unauthenticated Back-Up File Download