8.8
CVE-2024-33921
- EPSS 0.4%
- Veröffentlicht 03.05.2024 09:15:09
- Zuletzt bearbeitet 28.04.2026 19:25:15
- Quelle audit@patchstack.com
- CVE-Watchlists
- Unerledigt
LoginWordPress ReviewX plugin <= 1.6.21 - Broken Access Control vulnerability
ReviewX <= 1.6.21 - Missing Authorization
Broken Access Control vulnerability in ReviewX.This issue affects ReviewX: from n/a through 1.6.21.
Mögliche Gegenmaßnahme
ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema: Update to version 1.6.22, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wpdeveloper ≫ Reviewx SwPlatformwordpress Version < 1.6.22
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema
Version
*-1.6.21
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.315 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| audit@patchstack.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
CWE-281 Improper Preservation of Permissions
The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
https://patchstack.com/database/vulnerability/reviewx/wordpress-reviewx-plugin-1-6-21-broken-access-control-vulnerability?_s_id=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/08f4445b-9c79-42e3-be45-d07f72c00a01