8.1

CVE-2024-2505

Exploit

GamiPress < 6.8.9 - Broken Access Control

GamiPress <= 6.8.8 - Broken Access Control

The GamiPress  WordPress plugin before 6.8.9's access control mechanism fails to properly restrict access to its settings, permitting Authors to manipulate requests and extend access to lower privileged users, like Subscribers, despite initial settings prohibiting such access. This vulnerability resembles broken access control, enabling unauthorized users to modify critical GamiPress  WordPress plugin before 6.8.9 configurations.
Mögliche Gegenmaßnahme
GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress: Update to version 6.8.9, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GamipressGamipress SwPlatformwordpress Version < 6.8.9
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress
Version *-6.8.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.64% 0.456
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.1 2.8 5.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://wpscan.com/vulnerability/9b3d6148-ecee-4e59-84a4-3b3e9898473b/
Third Party Advisory
Exploit
https://www.wordfence.com/threat-intel/vulnerabilities/id/3ba1100e-8669-4105-b8d7-27c0b81c0856
Third Party Advisory