Generate Security Txt
Monthly
Authorization bypass in the Generate Security.txt WordPress plugin (all versions through 1.0.12) allows authenticated attackers with subscriber-level access to delete the site's security.txt file or create the .well-known directory by invoking unprotected AJAX actions directly. The root cause is a failure to verify user capabilities before executing the delete_securitytxt and create_wellknown_folder AJAX handlers, a classic CWE-862 (Missing Authorization) pattern reported by Wordfence. No public exploit or CISA KEV listing has been identified at time of analysis, and with a CVSS score of 4.3 and limited integrity impact, this is a low-urgency but straightforward-to-exploit flaw for any authenticated WordPress user.
Authorization bypass in the Generate Security.txt WordPress plugin (all versions through 1.0.12) allows authenticated attackers with subscriber-level access to delete the site's security.txt file or create the .well-known directory by invoking unprotected AJAX actions directly. The root cause is a failure to verify user capabilities before executing the delete_securitytxt and create_wellknown_folder AJAX handlers, a classic CWE-862 (Missing Authorization) pattern reported by Wordfence. No public exploit or CISA KEV listing has been identified at time of analysis, and with a CVSS score of 4.3 and limited integrity impact, this is a low-urgency but straightforward-to-exploit flaw for any authenticated WordPress user.