CVE-2024-43982

EPSS 0.44%
Veröffentlicht 01.11.2024 15:15:51
Zuletzt bearbeitet 08.11.2024 21:11:11
Quelle audit@patchstack.com
CVE-Watchlists
Login
Unerledigt
Login

WordPress Login As Users plugin <= 1.4.3 - Broken Access Control to Account Takeover vulnerability

Login As Users <= 1.4.3 - Missing Authorization to Privielge Escalation via Account Takeover

Missing Authorization vulnerability in Geek Code Lab Login As Users allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login As Users: from n/a through 1.4.3.

Mögliche Gegenmaßnahme

Login As Users: Update to version 1.4.4, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Geekcodelab ≫ Login As Users SwPlatformwordpress Version <= 1.4.4

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Login As Users

Version *-1.4.3

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.44%	0.346

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
audit@patchstack.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://patchstack.com/database/vulnerability/login-as-users/wordpress-login-as-users-plugin-1-4-3-broken-access-control-to-account-takeover-vulnerability?_s_id=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/88d9f0b1-040d-4f95-95dd-021ceb0cdb39

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-43982

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-43982

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-43982

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-43982