Medium severity4.3NVD Advisory· Published Apr 9, 2024· Updated Jun 17, 2026
CVE-2024-2222
CVE-2024-2222
Description
The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_callback_delete_attachment function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with subscriber access or higher, to delete arbitrary media uploads.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=3.0.0+ 1 more
- (no CPE)range: <=3.0.0
- (no CPE)range: <=3.0.0
Patches
Vulnerability mechanics
References
4- plugins.trac.wordpress.org/browser/advanced-classifieds-and-directory-pro/trunk/admin/admin.phpnvd
- plugins.trac.wordpress.org/browser/advanced-classifieds-and-directory-pro/trunk/public/user.phpnvd
- plugins.trac.wordpress.org/changesetnvd
- www.wordfence.com/threat-intel/vulnerabilities/id/bc5da189-838d-4c0b-a734-283c4da36473nvd
News mentions
0No linked articles in our index yet.