CVE-2024-9587: 
WordPress vulnerability analysis and mitigation

The Linkz.ai plugin for WordPress (versions up to and including 1.1.8) contains a vulnerability identified as CVE-2024-9587. The vulnerability stems from a missing capability check on the 'ajax_linkz' function, which was discovered and reported by Wordfence (Wordfence Report).

The vulnerability is classified as an unauthorized modification of data issue due to insufficient authorization controls. The CVSS v3.1 base score is 4.3 (MEDIUM) with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N according to NVD's assessment. Wordfence assigned a slightly higher CVSS score of 5.4 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L. The vulnerability is categorized under CWE-862 (Missing Authorization) (NVD).

The vulnerability allows authenticated attackers with contributor-level privileges or above to update plugin settings without proper authorization. This could potentially lead to unauthorized modification of plugin configurations (NVD).

Users should upgrade to version 1.2.0 or later of the Linkz.ai WordPress plugin to address this vulnerability (NVD).