Medium severity4.3NVD Advisory· Published Jan 15, 2025· Updated Apr 15, 2026

CVE-2024-11851

Description

The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropack_rml_notification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber access or higher, to update arbitrary transients. Note, that these transients can only be updated to integers and not arbitrary values.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/changeset/3211235/nitropacknvd
www.wordfence.com/threat-intel/vulnerabilities/id/8945bae7-2224-4d9f-b693-10c94c94dea0nvd

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000