Description

The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tag_subscriber function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to subscribe users to tags. Financial damages may occur to site owners if their API quota is exceeded.

INFO

Published Date :

2024-06-21T03:49:00.260Z

Last Modified :

2024-08-01T20:26:57.176Z

Source :

Wordfence
AFFECTED PRODUCTS

The following products are affected by CVE-2024-3961 vulnerability.

Vendors Products
Convertkit
  • Convertkit - Email Marketing\, Email Newsletter And Landing Pages
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-3961.

URL Resource
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3104932%40convertkit%2Ftrunk&old=3085997%40convertkit%2Ftrunk&sfp_email=&sfph_mail= cve-icon cve-icon
https://www.wordfence.com/threat-intel/vulnerabilities/id/79d828b8-aea2-4705-ae23-ac70133a6c3e?source=cve cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact