CVE-2024-2086 CRITICAL

CVE-2024-2086: Integrate Google Drive <= 1.3.8 - Missing Authorization to Unauthenticated Settings Modification and Export

Vendor Princeahmed
Product File Manager for Google Drive – Integrate Google Drive
Weakness CWE-862 · Missing authorization
Published March 30, 2024
Last update April 8, 2026
View on NVD All CVEs

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

What the vulnerability does

01Description

The Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX in all versions up to, and including, 1.3.8. This makes it possible for authenticated attackers to modify plugin settings as well as allowing full read/write/delete access to the Google Drive associated with the plugin.

Key dates

02Disclosure timeline

March 30, 2024 CVE published
April 8, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-39657 WordPress leadlovers forms plugin <= 1.0.2 - Broken Access Control vulnerability CVE-2026-50108 Naxclow IoT Platform Missing Authorization CVE-2024-27953 WordPress Cryptocurrency Widgets – Price Ticker & Coins List Plugin <= 2.6.8 is vulnerable to Broken Access Control CVE-2025-62021 WordPress Acknowledgify plugin <= 1.1.3 - Broken Access Control vulnerability CVE-2026-27678 Missing Authorization check in SAP S/4HANA Backend OData Service (Manage Reference Structures)