Medium severity6.5NVD Advisory· Published Jan 7, 2025· Updated Apr 8, 2026
CVE-2024-11496
CVE-2024-11496
Description
The Infility Global plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the infility_global_ajax function in all versions up to, and including, 2.9.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin options and potentially break the site.
Affected products
3cpe:2.3:a:infility:infility_global:*:*:*:*:*:wordpress:*:*+ 1 more
- cpe:2.3:a:infility:infility_global:*:*:*:*:*:wordpress:*:*range: <2.9.9
- (no CPE)range: <=2.9.8
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.