5.3
CVE-2024-1047
- EPSS 0.21%
- Veröffentlicht 02.02.2024 06:15:45
- Zuletzt bearbeitet 21.11.2024 08:49:40
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginThemeIsle SDK <= Various Versions - Missing Authorization
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in all versions up to, and including, 2.10.28. This makes it possible for unauthenticated attackers to update the connected API keys.
Mögliche Gegenmaßnahme
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator: Update to version 4.4.2, or a newer patched version
Menu Icons by ThemeIsle: Update to version 0.13.9, or a newer patched version
Multiple Page Generator Plugin – MPG: Update to version 3.4.1, or a newer patched version
Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization: Update to version 3.12.5, or a newer patched version
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE: Update to version 2.6.3, or a newer patched version
Starter Sites & Templates by Neve: Update to version 1.2.7, or a newer patched version
Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More: Update to version 2.10.29, or a newer patched version
Revive Social – Social Media Auto Post and Scheduling Automation Plugin: Update to version 9.0.26, or a newer patched version
Visualizer: Tables and Charts Manager for WordPress: Update to version 3.10.7, or a newer patched version
PPOM – Product Addons & Custom Fields for WooCommerce: Update to version 32.0.10, or a newer patched version
Super Page Cache: Update to version 4.7.6, or a newer patched version
LightStart – Maintenance Mode, Coming Soon and Landing Page Builder: Update to version 2.6.10, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
Version
*-4.4.1
SystemWordPress Plugin
≫
Produkt
Menu Icons by ThemeIsle
Version
*-0.13.8
SystemWordPress Plugin
≫
Produkt
Multiple Page Generator Plugin – MPG
Version
*-3.4.0
SystemWordPress Plugin
≫
Produkt
Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization
Version
*-3.12.4
SystemWordPress Plugin
≫
Produkt
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
Version
*-2.6.2
SystemWordPress Plugin
≫
Produkt
Starter Sites & Templates by Neve
Version
*-1.2.6
SystemWordPress Plugin
≫
Produkt
Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More
Version
*-2.10.28
SystemWordPress Plugin
≫
Produkt
Revive Social – Social Media Auto Post and Scheduling Automation Plugin
Version
*-9.0.25
SystemWordPress Plugin
≫
Produkt
Visualizer: Tables and Charts Manager for WordPress
Version
*-3.10.6
SystemWordPress Plugin
≫
Produkt
PPOM – Product Addons & Custom Fields for WooCommerce
Version
*-32.0.9
SystemWordPress Plugin
≫
Produkt
Super Page Cache
Version
*-4.7.5
SystemWordPress Plugin
≫
Produkt
LightStart – Maintenance Mode, Coming Soon and Landing Page Builder
Version
*-2.6.9
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.431 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| security@wordfence.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.