Aeropage Sync for Airtable Missing Authorization Vulnerability Allowing Arbitrary Post Deletion

Vulnerability

A vulnerability exists in the Aeropage Sync for Airtable WordPress plugin, in versions through 3.2.0, allowing authenticated users with Subscriber-level access or higher to delete any post. This issue arises from a lack of proper capability checks in the 'aeropageDeletePost' function, leading to unauthorized data loss.

Impact

Exploitation of this vulnerability allows for arbitrary post deletion, potentially leading to loss of important content or data.

Reproduction

To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher sends a request to the 'aeropageDeletePost' AJAX action, including the ID of the post to be deleted. Because the targeted function has no capability check, the specified post is deleted regardless of the user's authorization level.

Remediation

Users are advised to update the Aeropage Sync for Airtable plugin to version 3.3.0 or later, where this vulnerability has been patched.
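
For developers auditing similar AJAX handlers, the sketch below shows the kind of capability check whose absence is described above. It is an added example, not the plugin's source or its 3.3.0 patch. Only the action name 'aeropageDeletePost' comes from this advisory; the function name, the nonce action and the 'post_id' parameter are assumptions.

```php
<?php
// Hypothetical handler written for illustration; not Aeropage's code.
// Only the AJAX action name 'aeropageDeletePost' is taken from the advisory.

// wp_ajax_{action} fires for every logged-in user, Subscribers included,
// so registering the hook is not an authorization decision in itself.
add_action( 'wp_ajax_aeropageDeletePost', 'example_aeropage_delete_post' );

function example_aeropage_delete_post() {
    // 1. Request origin: reject requests without a valid nonce.
    //    'example_aeropage_delete' and '_ajax_nonce' are assumed names.
    //    check_ajax_referer() terminates the request on failure.
    check_ajax_referer( 'example_aeropage_delete', '_ajax_nonce' );

    // 2. Input: 'post_id' is an assumed parameter name. Force it to a
    //    non-negative integer and make sure it refers to a real post.
    $post_id = isset( $_POST['post_id'] )
        ? absint( wp_unslash( $_POST['post_id'] ) )
        : 0;
    if ( 0 === $post_id || null === get_post( $post_id ) ) {
        wp_send_json_error( array( 'message' => 'Invalid post ID.' ), 400 );
    }

    // 3. Authorization: the step the advisory reports as missing.
    //    'delete_post' is a meta capability evaluated against this specific
    //    post, so authors are limited to their own content and Subscribers
    //    are refused outright.
    if ( ! current_user_can( 'delete_post', $post_id ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden.' ), 403 );
    }

    // 4. Action: move the post to the trash rather than force-deleting it,
    //    so a mistaken or abusive deletion stays recoverable.
    $deleted = wp_delete_post( $post_id, false );
    if ( ! $deleted ) {
        wp_send_json_error( array( 'message' => 'Delete failed.' ), 500 );
    }

    wp_send_json_success( array( 'deleted' => $post_id ) );
}
```

A nonce alone would not close this class of bug, since any logged-in user who can load a page containing it can obtain one; the per-post current_user_can() call is what enforces authorization.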

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 0.6
exploitability: 6.4
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.