8.8
CVE-2023-1597
- EPSS 0.47%
- Veröffentlicht 10.07.2023 16:15:48
- Zuletzt bearbeitet 21.11.2024 07:39:30
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LogintagDiv Cloud Library < 2.7 - Unauthenticated Arbitrary User Metadata Update to Privilege Escalation
tagDiv Cloud Library < 2.7 - Missing Authorization to Arbitrary User Metadata Update
The tagDiv Cloud Library WordPress plugin before 2.7 does not have authorisation and CSRF in an AJAX action accessible to both unauthenticated and authenticated users, allowing unauthenticated users to change arbitrary user metadata, which could lead to privilege escalation by setting themselves as an admin of the blog.
Mögliche Gegenmaßnahme
tagDiv Cloud Library: Update to version 2.7, or a newer patched version
Newspaper - News & WooCommerce WordPress Theme: Update to version 12.4, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tagdiv ≫ Cloud Library SwPlatformwordpress Version < 2.7
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
tagDiv Cloud Library
Version
[*, 2.7)
SystemWordPress Theme
≫
Produkt
Newspaper - News & WooCommerce WordPress Theme
Version
*-12.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.47% | 0.372 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
https://wpscan.com/vulnerability/4eafe111-8874-4560-83ff-394abe7a803b
https://www.wordfence.com/threat-intel/vulnerabilities/id/24e8d1a4-9853-4f60-a371-7fdbe86d554b