9.8
CVE-2024-8277
- EPSS 45.63%
- Veröffentlicht 11.09.2024 09:15:02
- Zuletzt bearbeitet 26.09.2024 14:39:20
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginWooCommerce Photo Reviews Premium <= 1.3.13.2 - Authentication Bypass to Account Takeover and Privilege Escalation
The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.3.13.2. This is due to the plugin not properly validating what user transient is being used in the login() function and not properly verifying the user's identity. This makes it possible for unauthenticated attackers to log in as user that has dismissed an admin notice in the past 30 days, which is often an administrator. Alternatively, a user can log in as any user with any transient that has a valid user_id as the value, though it would be more difficult to exploit this successfully.
Mögliche Gegenmaßnahme
WooCommerce Photo Reviews Premium: Update to version 1.3.14, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WooCommerce Photo Reviews Premium
Version
* - 1.3.13.2
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Villatheme ≫ Woocommerce Photo Reviews SwPlatformwordpress Version < 1.3.14
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 45.63% | 0.975 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-288 Authentication Bypass Using an Alternate Path or Channel
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.