6.5
CVE-2024-5570
- EPSS 0.55%
- Veröffentlicht 28.06.2024 06:15:06
- Zuletzt bearbeitet 19.05.2025 20:46:21
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginSimple Photoswipe <= 0.1 - Subscriber+ Arbitrary Settings Update
Simple Photoswipe <= 0.1 - Missing Authorization (Subscriber+) Settings Update
The Simple Photoswipe WordPress plugin through 0.1 does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them
Mögliche Gegenmaßnahme
Simple Photoswipe: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zitscher ≫ Simple Photoswipe SwPlatformwordpress Version <= 0.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Simple Photoswipe
Version
*-0.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.55% | 0.414 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
https://wpscan.com/vulnerability/49b3a8cb-f606-4cf7-80ec-bfdafd74e848/
https://www.wordfence.com/threat-intel/vulnerabilities/id/467f369f-1c7a-4b05-8901-d2850db86a33