Access violation vulnerability in Featured Post Creative 1.2.7

The Featured Post Creative plugin for WordPress is a tool that allows users to highlight particular posts on their website. Unfortunately, there is a security vulnerability in versions up to and including 1.2.7 that allows unauthenticated attackers to change the highlighted post without permission. This is due to a lack of security checks on the wpfp_update_featured_post function, which is called via a nopriv AJAX action.

Detected in:

Featured Post Creative fixed vulnerable versions: >= * <= 1.2.7

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

Is this information incorrect? Please leave us a message.