4.3
CVE-2024-0829
- EPSS 0.13%
- Veröffentlicht 13.03.2024 16:15:14
- Zuletzt bearbeitet 11.03.2025 13:28:57
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginComments Extra Fields For Post,Pages and CPT <= 5.0 - Missing Authorization
The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.0. This is due to missing or incorrect capability checks on several ajax actions. This makes it possible for authenticated attackers, with subscriber access or higher, to invoke those actions. As a result, they may modify comment form fields and update plugin settings.
Mögliche Gegenmaßnahme
Comments Extra Fields For Post,Pages and CPT: Update to version 5.1, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Comments Extra Fields For Post,Pages and CPT
Version
*-5.0
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Najeebmedia ≫ Comments Extra Fields SwPlatformwordpress Version < 5.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.335 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.