WordPress Plugin Vulnerabilities

Tainacan < 0.20.8 - Missing Authorization

Description

The Tainacan plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 0.20.7. This makes it possible for unauthenticated attackers to perform unauthorized actions.

Affects Plugins

Plugin icon
tainacan
Fixed in 0.20.8

References

CVE
CVE-2024-30529
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/70da8039-6526-47fa-934d-53fa29ca1bf0

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Dhabaleshwar Das
Verified
No
WPVDB ID
ca22a058-2992-4ef4-a97c-b2a4490e68a4

Timeline

Publicly Published
2024-03-29 (about 2 years ago)
Added
2024-04-03 (about 2 years ago)
Last Updated
2024-04-03 (about 2 years ago)

Other

Published
Title
Published
2026-02-06
Title
myCred < 2.9.7.4 - Missing Authorization
Published
2025-04-25
Title
Integração entre Eduzz e Woocommerce 1.5.0 - 1.7.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
Published
2025-01-31
Title
Custom Related Posts < 1.7.4 - Missing Authorization to Authenticated (Subscriber+) Private Post Search and Relation Updates
Published
2024-10-09
Title
CubeWP – All-in-One Dynamic Content Framework < 1.1.16 - Missing Authorization
Published
2023-11-24
Title
Booster for WooCommerce < 7.1.3 - Missing Authorization to Product Creation/Modification