Listly WordPress Plugin Transient Deletion Vulnerability
Vulnerability
A vulnerability exists in the Listly: Listicles For WordPress plugin in versions through 2.7. The Init() function lacks a proper capability check, which allows unauthenticated attackers to delete arbitrary transient values from the WordPress site.
Impact
Exploitation of this vulnerability allows for unauthorized deletion of transient data, which could disrupt normal site operations or functionality that relies on this cached data.
Reproduction
The vulnerability can be reproduced by sending a request to the WordPress site with the 'ListlyDeleteCache' parameter. This can be done through the admin interface or by using a tool that allows for the manipulation of request parameters, such as a browser extension or a script.
Remediation
There is no known patch available for this vulnerability. It is recommended to review the vulnerability details and consider uninstalling the affected plugin.
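Because no patch is available, sites that still run the plugin can check their web server access logs for requests carrying the 'ListlyDeleteCache' parameter. The script below is an added example, not code from the plugin or from this advisory; it assumes Apache/nginx "combined" log format, uses constructed sample lines, and covers the query string only, so parameters sent in a request body need WAF or application-level logging instead.

```python
import re
from urllib.parse import urlsplit, parse_qsl

PARAM = "ListlyDeleteCache"  # parameter name given in the advisory

# Apache/nginx "combined" log format (assumed; adjust for your servers)
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def param_names(target):
    """Yield decoded query parameter names, reduced to PHP's base key."""
    query = urlsplit(target).query
    for name, _ in parse_qsl(query, keep_blank_values=True):
        # PHP treats name[] and name[x] as array forms of the same key
        yield name.split("[", 1)[0]

def find_hits(lines):
    """Return (ip, timestamp, method, target, status) for matching requests."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and PARAM in param_names(m["target"]):
            hits.append((m["ip"], m["ts"], m["method"],
                         m["target"], int(m["status"])))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic)
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] '
    '"GET /?ListlyDeleteCache=x HTTP/1.1" 200 5120 "-" "curl/8.0"',
    # Parameter name appears only as a search value: must not match
    '203.0.113.9 - - [12/Mar/2024:10:01:05 +0000] '
    '"GET /blog/?s=ListlyDeleteCache HTTP/1.1" 200 8411 "-" "Mozilla/5.0"',
    # Percent-encoded name in array form: matches after decoding
    '198.51.100.7 - - [12/Mar/2024:10:02:11 +0000] '
    '"GET /wp-admin/?page=x&Listly%44eleteCache%5B%5D=x HTTP/1.1" 302 0 "-" "curl/8.0"',
    '203.0.113.9 - - [12/Mar/2024:10:03:00 +0000] '
    '"POST /wp-login.php HTTP/1.1" 200 2100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(*hit, sep="\t")
```

Matching on the decoded parameter name rather than a raw substring avoids false positives from search queries and still catches encoded forms of the name.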
