7.2
CVE-2024-8349
- EPSS 1.13%
- Veröffentlicht 25.09.2024 03:15:03
- Zuletzt bearbeitet 02.10.2024 16:50:09
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginUncanny Groups for LearnDash <= 6.1.0.1 - Authenticated (Group Leader+) Privilege Escalation
Uncanny Groups for LearnDash <= 6.1.0.1 - Authenticated (Group Leader+) Privilege Escalation
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what users a group leader can edit. This makes it possible for authenticated attackers, with group leader-level access and above, to change admin account email addresses which can subsequently lead to admin account access.
Mögliche Gegenmaßnahme
Uncanny Groups for LearnDash: Update to version 6.1.1, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Uncannyowl ≫ Uncanny Groups For Learndash SwPlatformwordpress Version < 6.1.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Uncanny Groups for LearnDash
Version
*-6.1.0.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.13% | 0.622 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
https://github.com/karlemilnikka/CVE-2024-8349-and-CVE-2024-8350
https://www.wordfence.com/threat-intel/vulnerabilities/id/64cf0ae2-8d66-40d1-8bb6-0cab1dafab0d?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/64cf0ae2-8d66-40d1-8bb6-0cab1dafab0d