CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56255 – WordPress AyeCode Connect plugin <= 1.3.8 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-56255
30 Dec 2024 — Missing Authorization vulnerability in AyeCode AyeCode Connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AyeCode Connect: from n/a through 1.3.8. The AyeCode Connect plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the install_mu_plugin() function in versions up to, and including, 1.3.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to install must use plugins. • https://patchstack.com/database/wordpress/plugin/ayecode-connect/vulnerability/wordpress-ayecode-connect-plugin-1-3-8-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •