Edmonsoft Read More Accordion vulnerabilities
2 known vulnerabilities affecting edmonsoft/read_more_accordion.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2023-3392 | P3 | HIGH | CVSS 7.2 | CWE-502 | fixed in 3.2.7 | 2023-10-16
The Read More & Accordion WordPress plugin before 3.2.7 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.
nvd
CVE-2024-13639 | P4 | MEDIUM | CVSS 4.3 | CWE-862 | fixed in 3.4.3 | 2025-02-13
The Read More & Accordion plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the expmDeleteData() function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary 'read more' posts.
nvd