Medium severity4.3NVD Advisory· Published Apr 23, 2024· Updated Jun 17, 2026
CVE-2024-0900
CVE-2024-0900
Description
The Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! plugin for WordPress is vulnerable to unauthorized post creation due to a missing capability check on the elespare_create_post() function hooked via AJAX in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary posts.
Affected products
2<=2.1.2+ 1 more
- (no CPE)range: <=2.1.2
- (no CPE)range: <=2.1.2
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.