WordPress Plugin Vulnerabilities

Arconix Shortcodes < 2.1.12 - Missing Authorization

Description

The Arconix Shortcodes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ts_reset_tracking_setting() function in versions up to, and including, 2.1.11. This makes it possible for unauthenticated attackers to reset the tracking data.

Affects Plugins

Plugin icon
arconix-shortcodes
Fixed in 2.1.12

References

CVE
CVE-2024-38769
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/5b3aca44-0d47-4285-93e5-5cf147b5800e

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Dhabaleshwar Das
Verified
No
WPVDB ID
e929a751-b949-40b7-af8c-25c1a0e53d7e

Timeline

Publicly Published
2024-07-19 (about 1 year ago)
Added
2024-07-25 (about 1 year ago)
Last Updated
2024-07-25 (about 1 year ago)

Other

Published
Title
Published
2025-01-10
Title
Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups < 1.3.6 - Missing Authorization
Published
2026-02-18
Title
TrueBooker < 1.1.7 - Missing Authorization
Published
2026-02-11
Title
Travel Agency < 1.5.6 - Missing Authorization
Published
2026-02-19
Title
Checkout for PayPal < 1.0.47 - Missing Authorization
Published
2025-04-01
Title
Shiptimize for WooCommerce <= 3.1.86 - Missing Authorization to Authenticated (Subscriber+) Settings Update