CVE-2024-4280 MEDIUM

CVE-2024-4280: White Label CMS <= 2.7.3 - Missing Authorization to Plugin Settings Reset

Vendor Videousermanuals

Product White Label CMS

Weakness CWE-862 · Missing authorization

Published May 10, 2024

Last update April 8, 2026

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

The White Label CMS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_plugin function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to reset plugin settings.

Key dates

02Disclosure timeline

May 10, 2024 CVE published

April 8, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-4280 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2024-56008 WordPress Spreadr Woocommerce plugin <= 1.0.4 - Arbitrary Content Deletion vulnerability CVE-2025-14609 Wise Analytics <= 1.1.9 - Missing Authorization to Unauthenticated Arbitrary Analytics Database Disclosure via 'name' Parameter CVE-2026-1003 GetGenie – AI Content Writer with Keyword Research & SEO Tracking Tools <= 4.3.0 - Missing Authorization to Authenticated (Author+) Arbitrary Post Deletion CVE-2025-69191 WordPress ListingHub plugin <= 1.2.7 - Broken Access Control vulnerability CVE-2026-42436 OpenClaw < 2026.4.14 - Internal Page Content Exposure via Browser Snapshot and Screenshot Routes