CVE-2024-12618: 
WordPress vulnerability analysis and mitigation

The Newsletter2Go plugin for WordPress (CVE-2024-12618) contains a vulnerability related to unauthorized modification of data, discovered and disclosed on January 9, 2025. The vulnerability affects all versions up to and including 4.0.14 of the Newsletter2Go WordPress plugin. This security issue stems from a missing capability check on the 'resetStyles' AJAX action (NVD).

The vulnerability is classified as a Missing Authorization issue (CWE-862) with a CVSS v3.1 Base Score of 4.3 (MEDIUM). The vulnerability vector string is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N, indicating network accessibility, low attack complexity, required low privileges, no user interaction, unchanged scope, no impact on confidentiality, low impact on integrity, and no impact on availability (NVD).

The vulnerability allows authenticated attackers with Subscriber-level access and above to reset styles within the Newsletter2Go plugin. This unauthorized modification capability could affect the visual presentation and styling of newsletter content (NVD).

Users should upgrade to a version newer than 4.0.14 when available. The vulnerability was identified in all versions up to and including 4.0.14 (NVD).