CVE-2024-13375

EPSS 1.39%
Veröffentlicht 18.01.2025 09:15:07
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Adifier System <= 3.1.7 - Unauthenticated Arbitrary Password Reset

The Adifier System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.1.7. This is due to the plugin not properly validating a user's identity prior to updating their details like password through the adifier_recover() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.

Mögliche Gegenmaßnahme

Adifier System: Update to version 3.1.8, or a newer patched version

Adifier - Classified Ads WordPress Theme: Update to version 3.1.8, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

CNA 1 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellerspoonthemes

≫

Produkt Adifier System

Default Statusunaffected

Version <= 3.1.7

Version 0

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Adifier System

Version *-3.1.7

SystemWordPress Theme

≫

Produkt Adifier - Classified Ads WordPress Theme

Version *-3.1.7

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.39%	0.688

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-620 Unverified Password Change

When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.

https://themeforest.net/item/adifier-classified-ads-wordpress-theme/21633950

https://www.wordfence.com/threat-intel/vulnerabilities/id/fbf2aeed-0f18-4ef6-aff8-9e8c4531d789?source=cve

https://www.wordfence.com/threat-intel/vulnerabilities/id/fbf2aeed-0f18-4ef6-aff8-9e8c4531d789

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-13375

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-13375

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-13375

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-13375