CVE-2024-4858

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
25/05/2024
Last modified:
28/05/2024

Description

The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to update the OpenAI API key, disabling the feature.