WordPress Plugin Vulnerabilities

Responsive Lightbox < 2.4.8 - Missing Authorization

Description

The Responsive Lightbox plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init_builder() function in versions up to, and including, 2.4.7. This makes it possible for unauthenticated attackers to flush rules.

Affects Plugins

Plugin icon
responsive-lightbox
Fixed in 2.4.8

References

CVE
CVE-2024-43924
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/6ead05d3-a5b1-474f-bc72-67570ff060da

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
d0dc4939-995c-4982-9b82-d408485f8ca1

Timeline

Publicly Published
2024-08-26 (about 1 year ago)
Added
2024-09-04 (about 1 year ago)
Last Updated
2024-09-12 (about 1 year ago)

Other

Published
Title
Published
2026-03-11
Title
Advanced Product Fields (Product Addons) for WooCommerce < 1.6.19 - Missing Authorization
Published
2024-11-08
Title
Top Store < 1.5.5 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation
Published
2025-01-24
Title
Post Duplicator < 2.36 - Missing Authorization
Published
2023-09-04
Title
rtMedia for WordPress, BuddyPress and bbPress < 4.6.15 - Missing Authorization to Settings Update
Published
2025-05-06
Title
Search Exclude < 2.5.0 - Missing Authorization to Unauthenticated Plugin Settings Modification