WordPress Plugin Vulnerabilities

Advanced Cron Manager – debug & control < 2.5.10 - Missing Authorization

Description

The Advanced Cron Manager – debug & control plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the __call function in versions up to, and including, 2.5.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to render data.

Affects Plugins

Plugin icon
advanced-cron-manager
Fixed in 2.5.10

References

CVE
CVE-2024-43154
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/8341eaea-cc54-43e2-bc4f-a892e3756fa3

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Dhabaleshwar Das
Verified
No
WPVDB ID
c12e0d13-1a7f-4c5a-b177-48f3d9de3f03

Timeline

Publicly Published
2024-08-07 (about 1 year ago)
Added
2024-08-14 (about 1 year ago)
Last Updated
2024-08-14 (about 1 year ago)

Other

Published
Title
Published
2025-11-29
Title
Compress for MainWP <= 6.50.17 - Missing Authorization
Published
2026-01-08
Title
BA Book Everything < 1.8.17 - Missing Authorization
Published
2025-05-16
Title
MapSVG < 8.6.13 - Missing Authorization
Published
2025-02-14
Title
Vitepos – Point of sale (POS) < 3.1.4 - Missing Authorization
Published
2025-11-17
Title
Download Panel <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification