4.3
CVE-2024-33542
- EPSS 0.41%
- Veröffentlicht 29.04.2024 06:15:10
- Zuletzt bearbeitet 29.09.2025 22:21:36
- Quelle audit@patchstack.com
- CVE-Watchlists
- Unerledigt
LoginWordPress Crelly Slider plugin <= 1.4.5 - Insecure Direct Object References (IDOR) vulnerability
Crelly Slider <= 1.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference
Authorization Bypass Through User-Controlled Key vulnerability in Fabio Rinaldi Crelly Slider.This issue affects Crelly Slider: from n/a through 1.4.5.
Mögliche Gegenmaßnahme
Crelly Slider: Update to version 1.4.6, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Crelly Slider Project ≫ Crelly Slider SwPlatformwordpress Version < 1.4.6
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Crelly Slider
Version
*-1.4.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.41% | 0.326 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| audit@patchstack.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
https://patchstack.com/database/vulnerability/crelly-slider/wordpress-crelly-slider-plugin-1-4-5-insecure-direct-object-references-idor-vulnerability?_s_id=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/4acc1fd2-0024-4c35-b8c6-94203b91e985