Edmon Parker Read More & Accordion
Moderate fix1 remedy
cpe:2.3:a:edmonsoft:read_more_&_accordion:*:*:*:*:wordpress:*:*
Moderate fix1 remedy
- <= 3.4.2
WordPress Read More & Accordion Plugin Unauthorized Post Deletion Vulnerability
Vulnerability
Patched
A vulnerability exists in the Read More & Accordion plugin for WordPress, specifically in versions through 3.4.2. The issue arises from a lack of proper capability checks in the expmDeleteData() function, allowing authenticated users with Subscriber-level access and above to delete arbitrary 'read more' posts. This flaw can lead to unauthorized data modification and loss.
Impact
Exploitation of this vulnerability allows for the unauthorized deletion of 'read more' posts, potentially leading to data loss and disruption of content management.
Reproduction
To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher can send a request to the WordPress admin-post.php endpoint. The request must include the action 'delete_readmore' and the 'readMoreId' parameter specifying the ID of the 'read more' post to be deleted. Notably, the request must also include a valid nonce for the 'delete_read_more' action to bypass the missing authorization check.
Remediation
Users are advised to update the Read More & Accordion plugin to version 3.4.3 or later.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
2.2impact
0.6exploitability
6.4remediation
7.7relevance
0.0threat
4.8urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.