9.8
CVE-2024-8292
- EPSS 0.85%
- Veröffentlicht 06.09.2024 07:15:03
- Zuletzt bearbeitet 12.09.2024 12:37:18
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginWP-Recall – Registration, Profile, Commerce & More <= 16.26.8 - Insecure Direct Object Reference to Unauthenticated Arbitrary Password Update
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to privilege escalation/account takeover in all versions up to, and including, 16.26.8. This is due to to plugin not properly verifying a user's identity during new order creation. This makes it possible for unauthenticated attackers to supply any email through the user_email field and update the password for that user during new order creation. This requires the commerce addon to be enabled in order to exploit.
Mögliche Gegenmaßnahme
WP-Recall – Registration, Profile, Commerce & More: Update to version 16.26.9, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WP-Recall – Registration, Profile, Commerce & More
Version
*-16.26.8
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Plechevandrey ≫ Wp-recall SwPlatformwordpress Version < 16.26.9
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.85% | 0.744 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.