cleantalk
Vulnerabilities and Security Researches

Read More & Accordion and popups, CVE-2024-13639

CVE, Research URL

CVE-2024-13639

Home page URL

Security reports for Read More & Accordion and popups

Application

Read More & Accordion and popups

Published on
Feb 13, 2025
Research Description
The Read More & Accordion plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the expmDeleteData() function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary 'read more' posts.
Affected versions
max 3.4.3.
Status
vulnerable
Previous vulnerability researches
Read More & Accordion and popups (CVE-2023-3392) , Jun 07, 2024
Read More & Accordion and popups (CVE-2025-0810) , Apr 05, 2025
Read More & Accordion and popups (CVE-2025-64247) , Jan 11, 2026
Read More & Accordion and popups (CVE-2026-7472) , May 22, 2026
Read More & Accordion and popups (CVE-2026-7467) , May 22, 2026
New vulnerability
YITH WooCommerce Product Add-Ons (CVE-2026-42383) , May 22, 2026
Quick Table (CVE-2026-6237) , May 22, 2026
WordPress Online Booking and Scheduling Plugin – Bookly (CVE-2026-42667) , May 22, 2026
Email Encoder – Protect Email Addresses and Phone Numbers (CVE-2026-5776) , May 22, 2026
GeoDirectory – WordPress Business Directory Plugin, or Classified Directory (CVE-2026-42671) , May 22, 2026