WP LinkedIn Auto Publish < 8.12 – Missing Authorization | CVE 2024-32797 | Plugin Vulnerabilities

Description

The WP LinkedIn Auto Publish plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wp_linkedin_autopublish_delete_all_linkedin_settings() function in versions up to, and including, 8.11. This makes it possible for authenticated attackers, with subscriber-level access and above, to reset the plugin's settings.

Affects Plugins

wp-linkedin-auto-publish

Fixed in 8.12

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/0c1c8310-76c3-4505-9504-993e594804a4

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Abdi Pranata

Verified

No

WPVDB ID

f633ec0f-2850-4084-abda-6fa8af25a358

Timeline

Publicly Published

2024-04-22 (about 2 years ago)

Added

2024-04-29 (about 2 years ago)

Last Updated

2024-04-29 (about 2 years ago)

Other

Published

Title

Published

2026-04-20

Title

Tutor LMS – eLearning and online course solution < 3.9.8 - Missing Authorization

Published

2022-01-12

Title

Ibtana < 1.1.4.9 - Subscriber+ Settings Update to Stored XSS

Published

2025-03-06

Title

Flex Mag - Responsive WordPress News Theme < 3.6.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Deletion

Published

2024-04-04

Title

Happy Addons for Elementor < 3.10.5 - Incorrect Authorization to Information Exposure

Published

2024-02-27

Title

Envo's Elementor Templates & Widgets for WooCommerce < 1.4.5 - Subscriber+ Template Creation