CVSS base score: 8.8

CVE-2024-6482

Login with phone number <= 1.7.49 - Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation

The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. This is due to a lack of validation and missing capability check on user-supplied data in the 'lwp_update_password_action' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to any other role, including Administrator. The vulnerability was partially patched in version 1.7.40. The login with phone number pro plugin was required to exploit the vulnerability in versions 1.7.40 - 1.7.49.
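The description above names the two generic defects behind this CWE-269 entry: the handler trusts user-supplied data and never checks a capability before changing an account. The following is an added illustration written for this page, not the plugin's own code (the plugin's `lwp_update_password_action` function is not reproduced here and the handler, action and nonce names below are hypothetical). It contrasts the unsafe pattern of passing request data wholesale to `wp_update_user()` (which accepts a `role` key) with a handler that verifies a nonce and the core `edit_user` capability, operates only on the logged-in user, and allow-lists the single field that is meant to change.

```php
<?php
// Added example for this CVE record; hypothetical names, not the plugin's code.

// --- Unsafe pattern (illustrates the bug class, not the plugin's source) ---
// No nonce, no capability check, and every POST field including 'role' is
// forwarded to wp_update_user(), so a logged-in user can rewrite their own role.
function example_unsafe_update_password_action() {
    $data       = wp_unslash( $_POST );        // may contain 'role' => 'administrator'
    $data['ID'] = get_current_user_id();
    wp_update_user( $data );                    // role is silently applied
    wp_send_json_success();
}

// --- Hardened handler -------------------------------------------------------
add_action( 'wp_ajax_example_update_password', 'example_update_password_action' );

function example_update_password_action() {
    // 1. Nonce: the request must come from a form this site issued (CSRF guard).
    check_ajax_referer( 'example_update_password', 'nonce' );

    // 2. Identity: act only on the logged-in user, never on an ID from the request.
    $user_id = get_current_user_id();
    if ( ! $user_id ) {
        wp_send_json_error( 'not logged in', 401 );
    }

    // 3. Capability: WordPress core decides whether this actor may edit the account.
    //    Role changes are a separate privilege ('promote_users') and are not
    //    offered by this endpoint at all.
    if ( ! current_user_can( 'edit_user', $user_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 4. Allow-list: only the password is read from the request. Anything else
    //    in $_POST ('role', 'user_email', ...) is ignored rather than forwarded.
    $new_password = isset( $_POST['password'] )
        ? (string) wp_unslash( $_POST['password'] )
        : '';
    if ( strlen( $new_password ) < 12 ) {
        wp_send_json_error( 'password too short', 400 );
    }

    $result = wp_update_user( array(
        'ID'        => $user_id,
        'user_pass' => $new_password,
    ) );

    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 500 );
    }
    wp_send_json_success( 'password updated' );
}
```

The design point is the allow-list in step 4: a capability check alone would still let an authorized user change fields the endpoint was never meant to expose, so the handler names the exact keys it passes to `wp_update_user()` instead of filtering a few known-bad ones out of the request.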
Possible mitigation
OTP Login With Phone Number, OTP Verification: Update to version 1.7.50, or a newer patched version
Data provided by the National Vulnerability Database (NVD)
Affected configuration: vendor Idehweb, product Login With Phone Number, software platform wordpress, version >= 1.7.40 and < 1.7.50
Further vulnerability information
System: WordPress Plugin
Product: OTP Login With Phone Number, OTP Verification
Version: *-1.7.49
No advisory was found for this CVE.
EPSS metrics
Type    Source      Score   Percentile
EPSS    FIRST.org   0.49%   0.379
CVSS metrics
Source                   Base Score   Exploit Score   Impact Score   Vector String
security@wordfence.com   8.8          2.8             5.9            CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References
Product:              https://plugins.trac.wordpress.org/browser/login-with-phone-number/trunk/login-with-phonenumber.php#L3803
Patch:                https://plugins.trac.wordpress.org/changeset/3129185/
Third Party Advisory: https://www.wordfence.com/threat-intel/vulnerabilities/id/de7cde2c-142c-4004-9302-be335265d87d?source=cve
Third Party Advisory: https://www.wordfence.com/threat-intel/vulnerabilities/id/de7cde2c-142c-4004-9302-be335265d87d