CVE-2024-2086: CWE-862 Missing Authorization in princeahmed File Manager for Google Drive – Integrate Google Drive
The Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX calls in all versions up to, and including, 1.3.8. This makes it possible for authenticated attackers to modify plugin settings as well as allowing full read/write/delete access to the Google Drive associated with the plugin.
AI Analysis
Technical Summary
The vulnerability identified as CVE-2024-2086 affects the 'File Manager for Google Drive – Integrate Google Drive' WordPress plugin by princeahmed. It arises from a missing capability check (CWE-862) on multiple AJAX calls, which leads to unauthorized access. Attackers without any privileges can exploit this to fully read, write, and delete files in the Google Drive account associated with the plugin, as well as modify plugin settings. This vulnerability impacts all plugin versions up to and including 1.3.8. The CVSS 3.1 base score is 10.0, reflecting network attack vector, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability. No patch or official fix has been documented in the provided data.
Potential Impact
Successful exploitation allows unauthenticated attackers to gain full read, write, and delete access to the Google Drive linked to the plugin, potentially leading to data theft, data loss, and unauthorized modification of plugin settings. This compromises the confidentiality, integrity, and availability of the Google Drive data managed through the plugin.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, consider disabling the plugin or restricting access to the affected AJAX endpoints if possible. Monitor for updates from the vendor or security advisories for a patch or temporary mitigation.
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2024-03-01T14:57:38.791Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 699f6da4b7ef31ef0b589c56
Added to database: 2/25/2026, 9:46:12 PM
Last enriched: 4/9/2026, 7:14:09 AM
Last updated: 4/12/2026, 3:45:01 PM