Blend Media WordPress CTA Plugin Missing Authorization Vulnerability in Easy Sticky Sidebar
Vulnerability
A missing authorization vulnerability has been identified in the Blend Media WordPress CTA plugin, specifically in versions through 1.7.4. This vulnerability arises from incorrectly configured access control security levels, allowing unprivileged users to perform actions reserved for higher privileges.
Impact
Exploitation of this vulnerability could lead to unauthorized users gaining access to restricted functionalities or data, potentially allowing them to perform actions that should be reserved for higher-privileged users.
Remediation
Users are advised to update to a version of the Blend Media WordPress CTA plugin that is later than 1.7.4. For those using Patchstack, a mitigation rule has been issued to block attacks until an official patch is available.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.