Vulnerabilities > CVE-2024-3627 - Missing Authorization vulnerability in Kraftplugins Wheel of Life

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

LOW

network

low complexity

kraftplugins

CWE-862

NVD

Published: 2024-06-20

Updated: 2024-07-15

Summary

The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the AjaxFunctions.php file in all versions up to, and including, 1.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts and modify settings.

Vulnerable Configurations

Part	Description	Count
Application	Kraftplugins Kraftplugins Wheel OF Life *	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/0615d1be-f9fa-45b3-9d5b-3ad1f36be8e1?source=cve
https://plugins.trac.wordpress.org/browser/wheel-of-life/trunk/includes/functions/AjaxFunctions.php