WordPress Plugin Vulnerabilities

Easy Accordion Gutenberg Block < 1.2.5 - Missing Authorization

Description

The Easy Accordion Gutenberg Block plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the dci_sdk_insights() function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to send insights.

Affects Plugins

Plugin icon
easy-accordion-block
Fixed in 1.2.5

References

CVE
CVE-2024-51660
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/39ab0d8c-0f20-40d5-94ba-f6e95ebde88c

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Trương Hữu Phúc (truonghuuphuc)
Verified
No
WPVDB ID
c721af14-87c0-4b36-97fc-5bb441cd0d8e

Timeline

Publicly Published
2024-11-01 (about 1 year ago)
Added
2024-11-06 (about 1 year ago)
Last Updated
2024-11-06 (about 1 year ago)

Other

Published
Title
Published
2022-09-15
Title
Awesome Filterable Portfolio <= 1.9.7 - Unauthenticated Settings Update
Published
2025-04-10
Title
Industrial Lite <= 1.0.8 - Missing Authorization
Published
2026-04-14
Title
Nexi XPay < 8.3.2 - Missing Authorization to Unauthenticated Order Status Modification
Published
2024-10-13
Title
ShortPixel Image Optimizer < 5.6.4 - Missing Authorization
Published
2025-11-28
Title
Subscriptions & Memberships for PayPal < 1.1.8 - Missing Authorization